Introduction to the IEC 60870-5-104 standard by ENSOTEST teaches you the basics of the 5-104
protocol.
Introduction to the IEC 60870-5-104 standard
Remote control of substations or power plants using the IEC 60870-5-104 standard allows the utility
to control locations separated by long distances from a centralized control room, optimizing the use
of resources for that task.
The definition of standardized remote control protocols makes it possible to integrate systems
automated by different vendors with the utility control centre. This allows controlling the system
without the need of protocol converters or adaptations.
When the communication options were limited by the available bandwidth, the remote control
protocols used serial communication through radio links or the telephone networks, in most cases
through private networks.
Within these capabilities IEC defined the remote control protocol called IEC 60870-5-101. This
standard includes a set of messages called ASDU and a set of application functions available to
monitor and control remote stations through the serial channels available at that time.
The arrival of TCP/IP connectivity to the remote stations through dedicated optical fibers,
digital radio links or 3G/4G mobile phone networks made it possible to access these systems over
multiple communication channels and to use more bandwidth for the remote control task. This also
improved the system response time.
In conclusion, the IEC 104 standard applies the remote control concepts defined by IEC 60870-5-101,
removing the serial header and adding the appropriate headers for use over TCP/IP channels.
IEC 60870-5-104 USES THE TCP/IP TECHNOLOGY TO ACCOMPLISH
THE REMOTE CONTROL TASKS DEFINED BY IEC 60870-5-101
IEC 60870 5-101
To be able to understand IEC 60870-5-104 we need to learn the basic concepts defined in IEC
60870-5-101.
Communication modes: balanced and unbalanced
Depending on the type of communication channel available, shared (point to multipoint) or dedicated
(point to point), there are two different communication modes:
Balanced mode. It is used when a dedicated point-to-point communication channel is
available (telephone connection or dedicated link). The communication is full duplex, and the
remote terminal unit can send data without waiting for the control centre to request it. This
makes the spontaneous data transfer faster, and with it the control centre update.
Unbalanced mode. It is used in point-to-multipoint links such as a shared radio connection.
The communication is half duplex. The only remote terminal unit that sends data is the
one that has been requested by the control centre using its specific link address in the data
request. The master needs to poll all the remote terminal units in the channel cyclically
to know if there is new data waiting to be transferred.
[Figure: Unbalanced mode used in radio link]
The unbalanced mode can also be used in point-to-point channels, but it will lose response time due
to the lack of spontaneous transmission from the remote terminal units.
Frame formats
IEC 60870-5-101 defines two different types of frames, the fixed length frame (used for control
messages) and the variable length frame (used to transport application level messages).
[Figure: IEC 60870-5-101 frame formats]
The field marked as data transports the Application Service Data Unit (ASDU), which is the container
of the remote control services.
Basic application functions
IEC 60870-5-101 defines different types of ASDU to be used in the existing basic application
functions:
Initialization.
Polling data.
Periodic transfer.
Spontaneous event transfer.
General interrogation.
Time synchronization.
Control command.
Counters.
Parameters loading.
Test command.
File transfer.
Transfer delay measurements.
1. After a reboot, the remote station notifies the control centre of this event by
sending an END_OF_INIT ASDU. This message indicates to the control centre that it
needs to update its process image of the remote station using the general interrogation
process.
2. The general interrogation process obtains the current status of all the digital and
analogue signals that the remote station monitors and includes in its general interrogation
response. This snapshot of the remote station allows the control centre to update its process
image of the remote station.
[Figure: General interrogation process]
3. After the general interrogation process, any change in the status of the variables in the
remote station is sent to the control centre through different mechanisms, such as the
periodic transfer mechanism (used with analogue measurements only) or the spontaneous
transfer (used with digital data and measurements with configured deadbands).
[Figure: Spontaneous transfer of measurement with deadband]
4. When the remote station includes integrated totals such as energy counters, it
may send this information on demand or spontaneously, depending on the counter mode
configured in the system.
5. When an operator needs to modify the system behaviour, a command ASDU (C_XX) or a
parameter change (P_XX) can be sent to act on the controlled system.
[Figure: Activation command, confirmation and termination]
ASDU – Application Service Data Unit
The messages that are sent by IEC 60870-5-101 use one of the two directions of the
communication:
Control direction: from the control centre to the remote station.
Monitor direction: from the remote station to the control centre.
All the ASDU structures include a common header to identify them:
[Figure: The ASDU format]
TI: Type Identification. Number that identifies the ASDU and therefore its format and content.
VSQ: Variable Structure Qualifier. It describes how the information objects are organized.
COT: Cause of Transmission. It includes the reason for sending the ASDU and one byte
with an identifier of the control centre.
CASDU: Common Address of ASDU. Application address used to identify the data in the
system. Generally a remote terminal unit uses only one CASDU.
Information objects. They include the content of the requested service or the notified
information.
The standard defines different types of ASDUs to send different kinds of information:
Process information in monitor direction that includes status values,
measurements, step positions, etc. (M_XX_XX_X).
Process information in control direction that includes single commands, double
commands, step positions and set points (C_XX_XX_X).
System information in monitor direction, M_EI_NA_1 (end_of_init).
System information in control direction that includes the general interrogation
commands, counter interrogation, reset, test, read command and time synchronization
(C_XX_XX_X).
Control direction parameters that allow modifying the deadbands (P_XX_XX_X).
File transfer (F_XX_XX_X).
Information objects
The format of an information object includes the address of the object (IOA), the field value, the
quality of the information and, optionally, the timestamp.
[Figure: The format of the information object]
Information identification
Each data point in an IEC 60870-5-101/104 system is identified by two addresses: the common
address of application (CASDU) and the information object address (IOA).
Information object types
The information of the remote terminal unit can be divided into four categories:
Digital signals.
Analogue signals.
Counters.
Commands and settings.
[Figure: Basic information object types]
Quality bits in the signals
All the data objects include a quality bit, IV, that indicates whether the value is valid or invalid.
Depending on the data type, several other quality bits are available:
Substituted (SB): indicates whether the value comes from the field or was substituted.
Blocked (BL): indicates that the data point is blocked.
Overflow (OV): indicates that a measurement is out of range.
Information time stamping
During the general interrogation, the information is sent without time stamping, as it only includes
the current value of the information in the remote terminal unit. When a remote terminal unit sends
spontaneous ASDUs, it uses ASDUs with timestamps so that the control centre can build a sequence of
events in the order in which they happened across all the remote terminal units.
IEC 60870 5-104 standard
IEC 60870-5-104 uses TCP/IP channels with full-duplex communication (close to the balanced mode
in IEC 60870-5-101).
While IEC 60870-5-101 waits for a confirmation of each message sent, IEC 60870-5-104 assumes
that the channel is stable, so a maximum number of K messages can be sent without waiting for
confirmation from the opposite station.
IEC 60870 5-104 frame format
IEC 60870-5-104 removes the serial header and adds its own header called APCI (Application
Protocol Control Information).
[Figure: APCI header in IEC 60870-5-104]
The first two bits in the first byte of the APCI header are used to identify 3 types of frames:
U Frame. These control frames manage the traffic exchange over the TCP channel. They
include a START message to allow the traffic flow, a STOP message to block further
communication and a TEST message to check if the connection is alive.
I Frame. These frames transport application data (ASDUs).
S Frame. The Supervisory frames indicate to the opposite station the number of the last
frame received properly. They are used as an acknowledgement of a set of messages in order to
indicate that the transmission of data can continue.
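As an added example (not part of the original article and not ENSOTEST code), the Python code below splits a captured TCP payload into APDUs and classifies each one as an I, S or U frame. It assumes the APCI layout from the standard, which the article shows only as a figure: a 0x68 start byte, a length byte, then four control bytes, the first of which carries the frame-type bits. The function names and the sample bytes are constructed for illustration.

```python
# Added example: split a captured IEC 60870-5-104 byte stream into APDUs
# and classify each by its control field. Sample bytes are constructed.
START = 0x68  # every APDU starts with this byte, followed by a length byte

U_FUNCTIONS = {0x07: "STARTDT act", 0x0B: "STARTDT con",
               0x13: "STOPDT act", 0x23: "STOPDT con",
               0x43: "TESTFR act", 0x83: "TESTFR con"}

def classify(cf):
    """cf: the four control-field bytes that follow start and length."""
    if cf[0] & 0x01 == 0:                       # bit 0 clear: I frame
        return {"type": "I",
                "send_seq": (cf[0] | cf[1] << 8) >> 1,
                "recv_seq": (cf[2] | cf[3] << 8) >> 1}
    if cf[0] & 0x03 == 0x01:                    # bits 1..0 = 01: S frame
        return {"type": "S", "recv_seq": (cf[2] | cf[3] << 8) >> 1}
    return {"type": "U",                        # bits 1..0 = 11: U frame
            "function": U_FUNCTIONS.get(cf[0], "unknown")}

def split_apdus(stream):
    """Return (frames, error). Stops at the first malformed APDU."""
    frames, pos = [], 0
    while pos < len(stream):
        if stream[pos] != START:
            return frames, f"bad start byte at offset {pos}"
        if pos + 2 > len(stream):
            return frames, f"truncated header at offset {pos}"
        length = stream[pos + 1]                # counts control field + ASDU
        if length < 4 or pos + 2 + length > len(stream):
            return frames, f"bad length at offset {pos}"
        frame = classify(stream[pos + 2:pos + 6])
        frame["asdu"] = bytes(stream[pos + 6:pos + 2 + length])
        if frame["type"] != "I" and frame["asdu"]:
            return frames, f"{frame['type']} frame with payload at offset {pos}"
        frames.append(frame)
        pos += 2 + length
    return frames, None

# Constructed capture: STARTDT act, STARTDT con, one I frame, one S frame.
SAMPLE = bytes.fromhex(
    "680407000000" "68040b000000"
    "680e0000000064010600010000000014"   # I frame, N(S)=0, carries TI 100
    "680401000200")                       # S frame acknowledging N(R)=1
```

A passive monitor can use the error return to flag traffic on the IEC 104 port that does not frame correctly.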
Redundancy groups in IEC 60870-5-104
IEC 60870-5-104 allows the definition of redundancy channels over TCP/IP. The control centre
establishes several connections at the same time (using different physical channels) and activates
one of these connections, while the others remain in the STOPPED state waiting to be STARTED
when the communication in the active channel is lost.
Differences with the application layer in IEC 60870-5-101
IEC 60870-5-104 does not accept any ASDU that uses the relative timestamp carried in the information
element CP24Time2A (24 bits). The absolute timestamp carried in the information element CP56Time2A
(56 bits) must be used.
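As an added example (not from the original article), the Python code below decodes one information object with its quality bits and absolute time tag, tying together the information object format, the quality bits and the CP56Time2A element described above. The bit positions and the 3-byte IOA follow the standard's layout for TI 30 (M_SP_TB_1) rather than anything shown on this page; the function names, the year-2000 century base and the sample bytes are assumptions made for the example.

```python
# Added example: decode one information object of a single-point ASDU with
# time tag (TI 30, M_SP_TB_1) as carried by IEC 104. Sample bytes constructed.
from datetime import datetime

def decode_cp56time2a(raw):
    """Decode the 7-byte absolute time tag; returns (datetime, time_invalid)."""
    if len(raw) != 7:
        raise ValueError("CP56Time2a is exactly 7 bytes")
    millis = int.from_bytes(raw[0:2], "little")     # 0..59999, seconds included
    stamp = datetime(2000 + (raw[6] & 0x7F),        # two-digit year, century assumed
                     raw[5] & 0x0F,                 # month
                     raw[4] & 0x1F,                 # day of month
                     raw[3] & 0x1F,                 # hour
                     raw[2] & 0x3F,                 # minute
                     millis // 1000, (millis % 1000) * 1000)
    return stamp, bool(raw[2] & 0x80)               # IV bit of the time tag

def decode_single_point(obj):
    """obj: IOA (3 bytes) + SIQ (1 byte) + CP56Time2a (7 bytes)."""
    if len(obj) != 11:
        raise ValueError("expected 11 bytes for a TI 30 information object")
    siq = obj[3]
    stamp, time_invalid = decode_cp56time2a(obj[4:11])
    return {"ioa": int.from_bytes(obj[0:3], "little"),
            "value": siq & 0x01,                    # SPI: 0 = off, 1 = on
            "blocked": bool(siq & 0x10),            # BL
            "substituted": bool(siq & 0x20),        # SB
            "invalid": bool(siq & 0x80),            # IV
            "time": stamp, "time_invalid": time_invalid}

def usable(point):
    """A value fit for the event log: valid, from the field, not blocked."""
    return not (point["invalid"] or point["substituted"]
                or point["blocked"] or point["time_invalid"])

# Constructed objects: IOA 4001 ON at 2020-03-15 10:42:07.250, then the same
# point reported with the IV and SB quality bits set.
GOOD = bytes.fromhex("a10f00" "01" "521c2a0a0f0314")
BAD = bytes.fromhex("a10f00" "a1" "521c2a0a0f0314")
```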
Trying to synchronize a remote station through a TCP/IP channel with the time
synchronization ASDU is not deterministic. With the TCP/IP profile used by IEC 60870-5-104, time
synchronization is preferably done with other protocols such as SNTP or NTP (Network Time Protocol).
When high accuracy is needed, a GPS clock with IRIG-B or PTP is the usual choice.
Interoperability
The interoperability document indicates which basic application functions are available and their
supported options. It also identifies the supported ASDUs and the causes of
transmission (COT) for each one.
[Figure: Interoperability document section]
Using the interoperability document (provided by the vendor of the remote terminal unit) the control
centre knows how to configure the communication with that device.
At the same time, using this document the control centre may know if the remote terminal unit is
compatible with its required functions.
During the system integration process, the compatible options must be selected comparing the
control centre and the remote station interoperability documents.
Profiles
The profiles are specifications that select a specific set of options from those available in the
standard IEC 60870-5-101/104. Usually the utility profiles also define addressing ranges for the
different types of data and even specific points configured with special uses in their systems.
The motivation for the profiles is to limit the available options to the ones that best fit the
utility's needs and to resolve any issue where the standard was not accurate. As
an example, one profile may select sending the analogue measurements periodically using
the scaled value format, whilst a different profile may request sending them using spontaneous
transmission and the floating point ASDU. The remote terminal unit manufacturer must check that
the device fulfils the requirements of the profile specified by the utility before its devices can be
installed in the utility's system.
Usually the utility will request that the remote terminal unit is tested to be sure that their profile is
implemented. This conformance test is performed with a test specification provided by the utility.
Testing specifications with IEC 60870 5-104
IEC defines the IEC 60870-5-601/604 documents with the basic test procedures to validate
controlling and controlled stations that use the standards IEC 60870-5-101/104.
The test cases to be executed depend on the device capabilities defined in their interoperability
document.
Security inclusion with IEC 60870 5-104
IEC 60870-5-101/104 protocols do not include authentication of the data sent, so they are vulnerable
to unauthorized connection or data modification through man-in-the-middle attacks. Usually the
security measures consist of tables listing authorized IP addresses, private networks and
firewalls in the remote station.
These measures are nowadays considered quite poor, and the experts in TC 57 WG15 are
working to develop extensions that provide security for the remote control communications.
The main topics related to the security of IEC 60870-5-101/104 protocols are described in the
technical specification IEC 62351-5. The technical specification IEC 60870-5-7 describes the
new ASDU messages used. At the same time the document IEC 62351-100-1 describes the test
procedures to validate the secure implementations.
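The authorized-address check described above, combined with the common ASDU header fields (TI, VSQ, COT, CASDU) from the ASDU section, as an added Python example that is not part of the original article. The 2-byte COT, the 2-byte CASDU and the TI number ranges come from the standard rather than from this page; the network range, function names and sample ASDUs are constructed.

```python
# Added example (not ENSOTEST code): flag control-direction ASDUs that
# arrive from sources outside an allowlist. All addresses are constructed.
import ipaddress

AUTHORIZED = [ipaddress.ip_network("10.20.0.0/28")]   # assumed control centre range

def ti_category(ti):
    """Map a type identification to the ASDU groups listed on this page."""
    for low, high, name in ((1, 44, "process/monitor"), (45, 69, "process/control"),
                            (70, 99, "system/monitor"), (100, 109, "system/control"),
                            (110, 119, "parameter/control"), (120, 127, "file transfer")):
        if low <= ti <= high:
            return name
    return "reserved"

def parse_asdu_header(asdu):
    """Decode the common header using the IEC 104 field sizes."""
    if len(asdu) < 6:
        raise ValueError("ASDU shorter than its 6-byte header")
    return {"ti": asdu[0],
            "sequence": bool(asdu[1] & 0x80),       # VSQ: SQ bit
            "objects": asdu[1] & 0x7F,              # VSQ: number of objects
            "cause": asdu[2] & 0x3F,                # COT: cause, 6 bits
            "negative": bool(asdu[2] & 0x40),       # COT: P/N bit
            "test": bool(asdu[2] & 0x80),           # COT: T bit
            "originator": asdu[3],                  # control centre identifier
            "casdu": int.from_bytes(asdu[4:6], "little")}

def review(src_ip, asdu):
    """Return an alert string, or None when the ASDU needs no attention."""
    try:
        hdr = parse_asdu_header(asdu)
    except ValueError as exc:
        return f"{src_ip}: malformed ASDU ({exc})"
    category = ti_category(hdr["ti"])
    allowed = any(ipaddress.ip_address(src_ip) in net for net in AUTHORIZED)
    if category.endswith("/control") and not allowed:
        return (f"{src_ip}: {category} TI={hdr['ti']} COT={hdr['cause']} "
                f"CASDU={hdr['casdu']} from unauthorized source")
    return None

# Constructed ASDUs: general interrogation (TI 100) and a single command (TI 45).
GI = bytes.fromhex("64010600010000000014")
CMD = bytes.fromhex("2d01060001000b000001")
```

An address allowlist of this kind only narrows who may send commands; it does not authenticate the data, which is the gap the IEC 62351-5 work addresses.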
COMMON TERMS
ASDU – Application Service Data Unit. Data structure that holds application layer
information to exchange between a control centre and a remote terminal unit.
DNP3 – Distributed Network Protocol version 3. Protocol used for automation and
remote control communication with serial and TCP-IP capabilities that is used in
substation automation and the communication with control centers.
IEC – International Electrotechnical Commission – International organization that
develops standards related to the energy sector.
IEC 60870-5-101/104 – Serial or TCP/IP protocol to exchange data between a
substation and the control centre.
IED – Intelligent Electronic Device – Any equipment with communication
capabilities used to automate a system.
RTU – Remote Terminal Unit – Device that gathers the information of a whole
system and sends it to the control centre using protocols such as DNP3 or
IEC 60870-5-101/104.
ENSOTEST is a company that develops test automation tools for the IEC 60870 5-104 protocol.
Copyright © 2020 | ENSOTEST S