Recent Researches in Circuits, Systems, Communications and Computers

Remote Control in Power Substation Automation

Department of information technologies, Faculty of informatics,
University Hradec Kralove
Rokitanskeho 62, 500 03 Hradec Kralove
Czech Republic,

Abstract: The aim of this paper is to analyse the utilization and technological aspects of remote control systems and
access in power substation automation with a focus on the IEC 61850 standard. This paper is divided into two main
parts. At first we analyse the possibilities, protocols and technologies from the data networking point of view. Finally
we present the solution for the power substation automation in the Czech Republic based on the IEC 61850 standard.

Key-Words: - Substation, IEC 61850, remote access, network topology, Modbus, DNP3

1 Introduction

Substation automation in power industry enables the development of remote monitoring, control and
electronic devices coordination. Substation automation encounters the challenge of power distribution
reliability and efficiency. Potential risk factors such as lightning, accidents, system faults or
financial efficiency lead to development of standardization process [1], [2]. Standards and
appropriate technologies help to contribute to the following issues:

• Reduce settings and configuration effort
• Create more capability and flexibility
• Stimulate more interoperability
• Lower installation cost
• Reduce manual effort & errors

Throughout the history, a variety of systems, technologies and protocols has been developed. The main
problem in this area is the fact that many of these protocols and developed systems are usually vendor
dependent and cannot be adopted as a complex solution. If we analyse this area from the data networking
point of view, the most important protocols are Modbus, Modbus Plus, DNP3 and IEC 60870. These
protocols still operate at the electronic utility level. Systems usually serve the selected services
and cannot be adopted over the standard and high-speed communication technologies like the Ethernet
[18]. Ethernet is one of the most important technologies in the networking area. The utilization and
interconnection with the industry communication standards is a topical issue and brings many assets.
An important Ethernet characteristic is that it is part of standardised networking models like ISO/OSI
and the TCP/IP protocol stack. The independent parts of the substation or the whole substation
automation systems can be connected and create the complex system. Furthermore, this paper is mainly
focused on the modern standard IEC 61850 and its implementation in the complex SAS project in the
Czech Republic. On the other hand, the integrated solution brings potential risk factors, such as
security vulnerabilities and threats.

According to EU Directive 96/92/EC, only one operator is responsible for power distribution.
Distribution and power production are separated to ensure competition on the market. In the Czech
Republic ČEPS, a.s. serves distribution services. This company, controlled by the government, ensures
the allocation of power resources, transformation capacities, management and security issues. The
dispatching centre grants neighbouring countries interconnection for international collaboration in
Europe, respecting UCTE [6] rules for electricity power exchange. Bilateral cooperation is currently
in progress with distribution operators in Germany, Poland, Austria, Slovakia, Hungary and Slovenia.

2 Remote control and access protocols in substation automation systems

2.1 MODBUS

Modbus was originally developed as a serial communications protocol by the Modicon company in 1979
for communication with programmable logic controllers. Over time, this protocol became the standard
for creation of automation systems in a wide area of industrial applications. Recently Modbus supports
a varied set of networking technologies including serial communication, optical or radio networks,
RS-232, RS-422 and RS-485 serial communication or the TCP/IP enhancements.

According to the transport technologies, MODBUS operates at different layers within the protocol
stack model. The following picture presents a possible solution.

Fig.1 MODBUS technologies and network reference models

At the operational level, Modbus works in a request/response manner. The required function is
presented by the sequence code listed in the protocol documentation. Modbus is suitable mainly for
serial data communication and it is not optimized for communication over the

Modbus Plus is an important enhancement of the previous protocol version. Modbus Plus can be seen as a
complex solution for remote communication in the industry area. Adoption of the TCP/IP protocol stack
extends the use of this protocol. For the connection over the internet, Modbus obtained reserved
system port 502. Modbus/TCP basically encapsulates a Modbus frame into a TCP frame in a simple
manner. Transmission Control Protocol represents the connection-oriented and reliable mechanism
instead of other industrial or network technologies. Therefore, Modbus can make use of the advantages
of internetworking technologies, and this fits the master and slave nature of Modbus. There are some
disadvantages of this protocol. Modbus, for example, does not give time-stamped events. The sequence
of events is missing the time stamp context, and it also does not provide polled report by exception.

2.2 IEC 60870-5-101

IEC 870-5-101 is an industrial standard developed by the IEC TC57 for electric utility communication
between master stations and remote units. The IEC 870-5-101 consists of five parts, like the DNP3
protocol, which we will discuss in the next chapter. IEC 60870-5-101 is one of the IEC 60870 set of
standards, which is focused on remote control in electrical engineering and power system automation
applications. The substandard part 5 provides a communication profile for sending basic remote
control messages between two systems via a directly connected permanent circuit.

IEC 60870-5-10 is a structured substandard which provides the definition for the interfaces of RTU
(Remote Terminal Units) and IED (Intelligent Electronic Device). It consists of the necessary
components and profile definitions for vendor's development and ensures the compatibility with other
systems. The communication profiles and mechanisms are technologically independent, according to the
ISO/OSI relation model. They act mainly on the application and data link layers.

Fig.2 TCP/IP communications profiles model

At the physical layer it allows the selection of compatible standards with RS-232 and RS-485, and
also supports fibre optics interfaces. The frame specification provides the required data integrity
together with the maximum efficiency for acceptable implementations. FT 1.2 represents an
asynchronous way of communication and can be implemented using standard Universal Asynchronous
Receiver-Transmitter ports. This standard also offers fixed and variable block length and a single
transmission character control procedure.

The data link layer specifies if an unbalanced or balanced transmission mode is used together with
the link procedures. The selection corresponds with function codes. The address schemas for the
communication circuit are also provided. The link transmission procedures follow the IEC 870-5-2
standard, like other parts of the protocol stack, and specify the send commands with confirmation and
no reply, request and response message. This protocol stack can be implemented in multidrop bus and
point to point network topologies.

2.3 DNP3

Distributed network protocol is a protocol stack or a set of communication protocols used for the
interconnection of automation systems. Typically it is used within the SCADA systems and Intelligent
Electronic Devices (IED in the terminology of IEEE TC97 group) in the area of power industry. DNP3 is
not widely used in other industries. DNP3 uses the IEC60870-5 defined frame (FT3). The FT3 frame is
very similar but not strictly identical. CRC checking and optimal enhancements are the main
differences. In the networking terminology, according to the ISO/OSI reference model, DNP3 is mostly
a layer 2 protocol, which provides multiplexing, error checksum, link control, data fragmentation,
basic QoS prioritization and layer 2 addressing schemas. From the transport and application layer
perspective, the DNP3 packet loses its own logical context, the interconnection with data units and
substation transport events. There were some enhancements developed, for example the UCA 2.0 (Utility
Communication Architecture developed).

Fig.3 Data processing

2.4 IEC 61850

IEC 61850 is the response to the limits of previous standards. It brings many assets for technology
development and implementation. The standardization process brings the convention for object
modelling and programming, the use of modern networking technologies, command schemas, data
representation, data transfer, encapsulation and many more. IEC 61850 is a huge standard and consists
of many substandards. It would be impossible to cover all topics; more information can be found here
[3], [4], [5].

IEC 61850 communication and data transfers can be realised via serial and modern computer network
technologies using the TCP/IP model and Ethernet encapsulation techniques. We recognize two
categories of communication: vertical and horizontal [7]. The collection of IEC 61850 standards
covers the methodology for devices integration, data encapsulation or network services protocols.
Relationships between the specific sub-layers of IEC models are described in the following table.
Changes in one part should not affect other relations or elements.

• IEC 61850-10: Conformance testing
• IEC 61850-6: Configuration language for communication in electrical substations related to IEDs
• IEC 61850-8-x, IEC 61850-9-x: Specific communication service mapping (SCSM)
• IEC 61850-7-4: Compatible logical node classes and data classes
• IEC 61850-7-3: Common Data Classes
• IEC 61850-7-2: Abstract communication service interface (ACSI)
• IEC 61850-7-1: Principles and models
• IEC 61850-5: Communication requirements for functions and device models

Fig.4 IEC 61850 Standardisation structure

The standardization of mechanisms and rules is necessary for other services, objects and algorithms
defined in IEC 61850-7-2, IEC 61850-7-3, IEC 61850-7-4. IEC 61850-8-1, and creates a link with
ISO 9506, a very important industrial automation standard. The following picture shows the main
functions, networking profiles and their connection with the ISO/OSI reference model and the TCP/IP
model. Some kinds of messages are encapsulated straight into Ethernet frames and therefore it is
complicated to retransmit them out of L2 broadcast/multicast segments, typically used within the
substation for horizontal communication.

Fig.5 Communication standards

IEC 61850-5 defines the following communication messages with the consequent interpretation:

Type 1 (Fast messages)
Type 1A (Shutdown messages)
Type 2 (Midfast messages)
Type 3 (Slow messages)
Type 4 (Prime data messages)
Type 5 (Data transfer messages)
Type 6 (Time synchronization messages)

Type 1 and Type 1A are mapped on specific ether-types for decoding optimization of accepted messages.
Type 2, 3 and 5 are requested by service oriented messages. ISO 9506 MMS (Manufacturing Message
Specification) provides methods and services for ACSI information modelling.

The ISO/OSI reference model splits up network communication into seven sub-layers and helps to scale
the future development of the networking model. IEC 61850 enables utilization of frequently used IP
networks; it helps to lower financial costs [8], [9]. The picture below illustrates the
interconnection between ISO/OSI layers, networking technologies and services. There are three main
utilized services: GOOSE, SMV and ACSI basics.

Fig.6 Messaging SMV and GOOSE

2.1.1 SMV (Sampled Measured Values)

SMV is a method used for passing measured samples from sensor units, like CTs, VTs or digital I/O
sharing between IED devices. Lower layers of the ISO/OSI model use Ethernet multicast characteristics
and unicast communication via serial line. The OSI reference model (ISO/IEC 7498-1) describes in
detail the conception of each communication layer and networking profiles, application (A-Profile)
and transport (T-Profile). The A-Profile is the collection of specifications and agreements dealing
with the first three ISO reference model layers. The remaining four layers form the T-Profile.
Services are mapped, according to the IEC 61850-7-2 standard, in four different combinations of
A-Profile and T-Profile:

• Client/server model
• GOOSE/GSE control
• GSSE services
• Time synchronization

The client/server model is used for relations in conjunction with the IEC 61850-8-1 standard and its
declaration specified in IEC 61850-7-2.

2.1.2 GSE/GOOSE communication profiles

The GSE (Generic Substation Events) control model, defined in IEC 61850, provides a fast and reliable
mechanism of data transfer [9], [10], [11], [12] over the network. The standard defines more ways for
communication in a substation. GOOSE and GSE events typically use multicasts for data delivery. The
Generic Object Oriented Substation Events (GOOSE) mechanism groups data into objects and transmits
them within 4 milliseconds. It helps to assure the reliability and transmission speed of
communication. The GSSE mechanism is enhanced by UCA2.0 status messages. In Ethernet networks data
are segmented and encapsulated straight into frames and transported as a lower layer multicast over
the networks [8]. This might be a bottle-neck in specific implementations, because the feature
development depends on GOOSE interpretation, but broadcast domain limitation is not obviously the
main problem in implementation.

2.1.3 Time synchronization

Time synchronization is an important part of the IEC 61850 standard and helps to ensure the system
homogeneity and action validity. The communication profile is used for relation in conjunction with
IEC 61850-8-1 and specifies objects that contain the TIME attribute. Special GPS modules with
horizontal communication capability are

2.2 Data communications and other aspects

As we mentioned above, the internal topological model separates the communication into horizontal and
vertical levels. Horizontal communication ensures the critically important connection between the
IEDs (Intelligent Electronic Devices). From a computer networking point of view it is possible to use
serial links or direct encapsulation of Generic Object Oriented Substation Events into Ethernet
frames. Serial lines are sometimes offered as a better solution, because of their advantages in
direct communication, accessing methods, signalling and finally for security reasons.
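
The direct encapsulation of GOOSE and sampled values into Ethernet frames described above can be checked at layer 2 before any application decoding. The following is an added example, not code from the paper: `classify` and `build_frame` are hypothetical names, the sample frames are constructed, and the EtherType and multicast-prefix values are taken from IEC 61850-8-1/9-2 rather than from this page.

```python
import struct

# EtherTypes and multicast prefixes come from IEC 61850-8-1 / 9-2,
# not from the paper itself.
SERVICES = {0x88B8: "GOOSE", 0x88B9: "GSE-management", 0x88BA: "SV"}
MCAST_PREFIX = {"GOOSE": bytes.fromhex("010ccd01"),
                "SV": bytes.fromhex("010ccd04")}
VLAN_TAG = 0x8100


def classify(frame: bytes) -> dict:
    """Classify one raw Ethernet frame and list layer-2 sanity findings."""
    result = {"service": None, "vlan": None, "priority": None,
              "appid": None, "findings": []}
    if len(frame) < 14:
        result["findings"].append("frame shorter than an Ethernet header")
        return result
    dst = frame[0:6]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset = 14
    if ethertype == VLAN_TAG:                      # optional 802.1Q tag
        if len(frame) < 18:
            result["findings"].append("truncated 802.1Q tag")
            return result
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        result["priority"] = tci >> 13             # 3-bit priority field
        result["vlan"] = tci & 0x0FFF              # 12-bit VLAN id
        offset = 18
    service = SERVICES.get(ethertype)
    if service is None:
        return result                              # not an IEC 61850 L2 service
    result["service"] = service
    if len(frame) < offset + 8:
        result["findings"].append("truncated APPID/Length header")
        return result
    appid, length, _r1, _r2 = struct.unpack("!HHHH", frame[offset:offset + 8])
    result["appid"] = appid
    # Length counts the 8 header bytes plus the APDU; padding may follow.
    if length < 8 or length > len(frame) - offset:
        result["findings"].append("Length field inconsistent with frame size")
    if not dst[0] & 0x01:
        result["findings"].append("unicast destination")
    prefix = MCAST_PREFIX.get(service)
    if prefix and dst[:4] != prefix:
        result["findings"].append(
            "destination outside recommended multicast range")
    return result


def build_frame(dst: str, ethertype: int, appid: int, apdu: bytes,
                tci=None, length=None) -> bytes:
    """Build a constructed test frame (hypothetical helper for this example)."""
    src = bytes.fromhex("00a0f4112233")            # constructed source MAC
    tag = struct.pack("!HH", VLAN_TAG, tci) if tci is not None else b""
    if length is None:
        length = 8 + len(apdu)
    header = struct.pack("!HHHH", appid, length, 0, 0)
    return (bytes.fromhex(dst) + src + tag + struct.pack("!H", ethertype)
            + header + apdu)


# Constructed samples: the APDU bytes are placeholders, not real PDUs.
GOOD_GOOSE = build_frame("010ccd010001", 0x88B8, 0x0001, b"\x61\x00",
                         tci=(4 << 13) | 10)
UNICAST_GOOSE = build_frame("00a0f4445566", 0x88B8, 0x0001, b"\x61\x00")
BAD_LENGTH_SV = build_frame("010ccd040001", 0x88BA, 0x4000, b"\x60\x00",
                            length=400)
IPV4 = build_frame("00a0f4445566", 0x0800, 0, b"")

if __name__ == "__main__":
    for name, f in [("good GOOSE", GOOD_GOOSE), ("unicast GOOSE", UNICAST_GOOSE),
                    ("bad-length SV", BAD_LENGTH_SV), ("IPv4", IPV4)]:
        print(name, classify(f))
```

Because these frames carry no IP header, a check like this has to run on a switch mirror port or a host inside the same L2 segment; it cannot be placed behind a router.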

The big advantages of traditional network utilization for industrial communication purposes are:

• Sharing network resources
• Lower the financial costs
• Faster development of networking technologies
• Creating complex SAS project over internetworks
• Remote access capabilities

On the other hand, the utilization of IP networks, respectively Ethernet technologies, comes with
many limits for IEC 61850 and therefore serial links are usually recommended rather than Ethernet.
NBMA (Non-Broadcast Multiple Access) networks were not built for communication sensitive to delivery
order, reliability, constant throughput or quality of services [13]. In case of data modulation in
Ethernet frames, it is necessary to grant a high quality connection and to overcome some negative
aspects, which are not relevant in average networking processes. As critical factors there can be
mentioned communication delay, destination identification interpretation and packet loss on the
second OSI layer. The TCP/IP stack does not include mechanisms for reliable delivery which will grant
frame order and quality of services. This effort historically lies on lower layers or added
mechanisms. The TCP/IP model is used typically for vertical communication. Connectionless and
non-reliable communication over the UDP protocol is used for NTP time synchronization.
Connection-oriented and reliable communication over the TCP protocol is used for the ACSI MMS message
communication described in the previous chapter. In the traditional asset the QoS mechanism (Quality
of Services) is implemented on the logical level and enables services classification and
prioritization. IEC 61850 requests reliability, fast data delivery and redundant topology with a
maximal accepted delivery time of about 10 milliseconds (1*), including network topology convergence.
These requirements can be overcome only by the enhancement of Ethernet with special technologies and
devices. Analysis and project design have to take these factors into account.

(1*) Depends on the implementation and size of network substation topology

3 SAS project in the Czech Republic

The goal of the Substation Automation System project is to create a centralized and interconnected
solution within the next two years. Finally ČEPS and dedicated suppliers, like ABB or SIEMENS, will
be able to connect even with the substation devices via modern IP networks, internet and WAN
technologies. This solution opens many questions in the security area, data encapsulation techniques,
modification of the MPLS WAN network or the internal substation topology proposal. The following
chapters describe the limitations and the proposed solution, which has recently reached the test
phase.

3.1 Internal SAS communication level

The internal substation topology should be designed according to the IEC 61850 requirements described
in chapter 2.1. The proposed topology utilizes Ethernet as the main transport technology instead of
serial lines, because IP networks allow more possibilities for substation integration. To overcome
the limitation of the NBMA network type it is recommended [7], [13], [14] to use IEC 61850 certified
devices which help to overcome the Ethernet limitation with enhanced features.

• Faster spanning tree algorithm calculation
• Optical/metallic links support
• 802.1q VLAN optical rings support
• GVRP (Generic Attribute Registration Protocol)
• Upper layer segmentation
• QoS engine with L2 layer support
• L2/L3 Security integration
• IGMP snooping and enhanced L2 multicast features

High availability of the automation system is ensured by doubled optical rings connected in high
capacity switches (Ruggedcom 9100). Data, objects and messages are replicated between two heads of
the control system. The main asset of this approach is a system protected against Ethernet broadcast
storms with fast convergence time (less than 6 ms against seconds measured in standard RSTP+ protocol
implementations). Token GOOSE messages are controlled by L2 filters and logically interpreted by IED
devices. The topology was created with the effort to correspond with the wide IEEE recommendation for
industrial automation (IEEE 1613 level 2, IEC 61850-3, IEC 61800-3, IEC 61000-6-2, NEMA TS-2).

3.2 External connections to SAS

The external connection to the substation automation system serves the access to merge units, legacy
IED devices, gathering statistical data or system management. These connections can be divided into
three parts:

• Access to dispatching centres
• Intra-substation communication
• Remote connection to WAN or internet

The dispatching centre accesses via serial line encapsulation into IP datagrams over physical or
virtual lines defined in the IEC 60870-5-101 industrial standard for data exchange. The communication
within the substation includes the substation operators and parameterization department access. The
demarcation point in these two types of communication lies on the head of the automation system. From
the security point of view, this might be a bottle-neck of the network.

Future development and integration with IP networks needs to change this communication means. The
first part of the project includes a brand new connection for the third communication type. Remote
connection to WAN or internet is used for accounting systems, control and other internal purposes.
External access to the IED devices, sensors or head of the substation systems needs to be taken under
control and secured. To solve this problem, we offer to use a gateway located on the substation level
with the following features and configuration.

Fig.7 Substation topology control room

There are two types of communication in IEC 61850, horizontal and vertical. The first one is
encapsulated directly into the frames and strongly influenced by the network quality. The second one
is transported by upper layers of the TCP/IP model and it is used for IED device management,
connecting to the heads of SAS etc. Downrec is a computer device, controlled by a vendor, with
special control software on the border between the substation and the WAN part of the ČEPS networks.
One of the most important goals of this gateway is to manage and filter traffic in both directions
and to apply the security rules. Tunnelling techniques help to isolate the traffic between the core
of the ČEPS network and vendor internal networks. Another respected requirement is to get the
possibility to use the same logical addressing scheme in every substation and therefore this device
must be able to perform L3 operation.

3.3 Remote access and substation interconnection

Remote access and substation interconnection open many security threats. A successful project
requires a reliable and secure system with the ability to account, authenticate, authorise and
monitor the network activity. Every connection to the substation passes through the ČEPS WAN network.
In this scenario, vendors, local ČEPS and substation networks are connected together. Communication
line violation, listening or DoS attacks are pending in transparent networks. Therefore it is
necessary to isolate this communication in the network. Isolation on the physical level is rather
expensive and in this case an impossible solution, because of the distance between substations.
Virtual private networks are able to encrypt and isolate data.

Fig.8 Remote access topology

The proposed network topology is secured in a multilevel way. External communication to the
substation has to pass a CISCO ASA (Advance Security Appliance) connected in a failover cluster for a
high availability solution. This device checks the incoming traffic, filters it against access lists,
allows rules to be set and connects to the AAA system mentioned above. This rule is applied for each
type of external communication. The access from internet, WAN or other systems is deeply monitored
against viruses, hacking patterns and mirrored. In the next step, data flow is encrypted and routed
via the OSPF protocol; for internet access, packets are translated via the NAT mechanism. MPLS
networks and firewalls over the rest of the network are allowed to open IPS tunnels authentication
process and data flow only.

Each substation is connected (also their substation buses) via gateways with NAT, IPSEC, FIREWALL
features. The gateway creates the border between the partial SAS automation system and the external
connection. This place applies further security activities like data decryption, rules for vendors,
NAT mappings and many others. Network monitoring and proactive reaction to security threats became a
necessary part of the security solution [15]. IDS (Intrusion detection system) monitors network
activities for malicious activities or policy violations and processes the output to the dispatching
centre. IPS (Intrusion prevention system) then performs reactions to security threats detected by the
IDS system. A Security Appliance with IDS/IPS capabilities will be located in the ČEPS network core,
because this point is the last place before data are encrypted in IPSEC tunnels. This device will be
responsible for acquiring and recording the information about network utilization. Traffic can be
forwarded to the free SPAN port of the IPSEC-VPN concentrator and connected to the monitoring server.
High availability requires more than two ASA devices connected and configured as a failover cluster.

Remote access from the internet allows operators outside the company or suppliers' networks to
connect to the substation. The SAS project will be examined according to security standards such as
ITSEC or FIPS. Remote networking software and Cisco security appliances are FIPS 140-2 certified. The
user with remote software connects to the IPSEC/VPN concentrator, which filters this traffic and
checks the traffic against viruses, malware or potential attacks using signatures, antiviruses and
heuristic techniques. All devices or security solutions implemented in the SAS project are certified
by security standard FIPS 140-1 or 140-2. Different parts of the system require different security
levels defined by FIPS.

4 Conclusion

Remote access to substation automation in power industry can be performed in different ways. Previous
standards like Modbus, DNP3 or IEC 60870-5-101 have limited options of use. The IEC 61850 area covers
a wide range of problems, solutions and technologies; therefore it is complicated to design. Every
project may significantly differ. The IEC 61850 standardization does not offer any method or step by
step procedure. Standardization is relatively free and open to modifications. IEC 61850 standardizes
object definition, communication technologies and requirements. Many settings, such as GOOSE
messages, TCP port settings etc. act as recommendations for system designers. The SAS project in ČEPS
entered the pilot implementation. Recently the network core interconnected with five other automated
substations is being built. The national electricity distributor encourages this effort and declares
strong support for the SAS project because it brings many interesting assets, as well as it raises
many questions to answer.

References:

[1] DAVID, A. K.; WEN, F. Market Power in Electricity Supply. In Power Engineering Review, IEEE.
Volume 21, Issue 12, 2001. p. 67-68. ISSN 0272-1724.
[2] SHIRMOHAMMADI, D., et al. Distribution automation system with real-time analysis tools. In
Computer Applications in Power, IEEE. Volume 9, Issue 2, 1996. p. 31-35. ISSN 0895-0156.
[3] ZHANG, Jianqing; GUNTER, Carl A. IEC 61850 - Communication Networks and Systems in Substations:
An Overview of Computer Science. University of Illinois at Urbana-Champaign, 2007.
[4] BRUNNER, C. IEC 61850 for power system communication. In Transmission and Distribution
Conference and Exposition. 2008. p. 1-6. ISBN 978-1-4244-1903-6.
[5] YONGLI, Zhu, et al. Study on interoperable exchange of IEC 61850 data model. In Industrial
Electronics and Applications, 2009. ICIEA 2009. 4th IEEE Conference on. [s.l.]: [s.n.], 2009.
p. 2724-2728. ISBN 978-1-4244-2799-4.
[6] Statistical Year Book 2008. 1. Regional Group Continental Europe (former UCTE): Entsoe, 2008.
[7] ZHANG, Jianqing; GUNTER, Carl A. IEC 61850 - Communication Networks and Systems in Substations:
An Overview of Computer Science.
[8] IEC 61850-8-1 Ed. 1.0 en:2004, Communication networks and systems in substations - Part 8-1:
Specific Communication Service Mapping (SCSM) - Mappings to 9506-1 and ISO 9506-2) and to ISO/IEC
8802-3, ANSI, 2007
[9] IEC 61850-7-2 Ed. 1.0 en:2003, Communication networks and systems in substations - Part 7-2:
Basic communication structure for substation and feeder equipment communication service interface
(ACSI), ANSI, 2007
[10] IEC 61850-7-1 Ed. 1.0 en:2003, Communication networks and systems in substations - Part 7-1:
Basic communication structure for substation and feeder equipment - Principles and models, ANSI, 2007
[11] IEC 61850-7-3 Ed. 1.0 en:2003, Communication networks and systems in substations - Part 7-3:
Basic communication structure for substation and feeder equipment - Common data classes, ANSI, 2007
[12] IEC 61850-7-4 Ed. 1.0 en:2003, Communication networks and systems in substations - Part 7-4:
Basic communication structure for substation and feeder equipment logical node classes and data
classes, ANSI, 2007

[13] Odom W., Hucaby D., Wallece K, CCNP Routing and Switching Official Certification Library, Cisco
Press, 2010, ISBN: 978-1587202247
[14] COLE, Robert G.; RAMASWAMY, Ravi. Wide-Area Data Network Performance Engineering. 1. Boston:
Artech House Publishers, 1999. ISBN 978-
[15] GUPTA, R. B.: Substation Automation Using IEC61850 Standard, Fifteenth National Power Systems
Conference (NPSC), IIT Bombay, December 2008.

