DNP3 (Distributed Network Protocol) and IEC 61850
The DNP3 protocol, or Distributed Network Protocol, is an established telecontrol standard used by energy supply companies in the U.S. and many other countries across the world. While DNP3 is a widespread standard in the U.S. energy market, the European IEC 61850 standard is growing in popularity and is seen as the future benchmark for local communication. With a widespread use of both standards, more organizations are interested in using a combination of the two and this can be facilitated through the use of systems like zenon.
About DNP3 protocol
DNP3, also known as IEEE Std 1815, is a comprehensive protocol standard that defines the rules by which computers communicate with one another. Initiated in 1993, the DNP3 protocol specifically defined the interaction between utility computer systems with remote communication in mind. To this end, DNP3 focuses on providing a lightweight means of transporting simple data values with a high degree of integrity.
The DNP3 defines two types of endpoints that communicate with one another – a master and an outstation. These are defined and explained as follows:
- The master
The master is a computer or network used in a control center. This computer is powerful; storing all the incoming data from outstation sources and processing it for display.
- The outstation
Alternatively known as the slave, the outstation is a computer used in the field. These outstation computers collect information from many devices at the field location, such as current sensors and voltage transducers and communicate the data to the master station. Alternatively, a DNP3 outstation may be a remote device that communicates directly with the master, such as an RTU or an IED, a water or power flow meter, a PV inverter, or any kind of controlled station.
Furthermore, DNP3 defines data variables by type and behavior and prioritizes them based on whether or not they represent a change from the baseline state. All of these values and rules are set up by the master on startup through an integrity poll, which prompts the outstation to send the value and state of all configured points to the master. After this setup process, the outstation selectively transmits events based on whether the data has changed since the last poll. These transmissions often occur on a cyclical schedule but may spontaneously send if certain parameters are met.
These communication rules allow the master and the outstation computers to communicate using limited network bandwidth to transport simple data values and commands between the two ends of the system. This allows signals to be sent over serial links, multi-drop serial links, radio links, dial-up connections and over dedicated networks using TCP/IP or UDP. Because of the adaptability of the system, DNP3 can cope with the majority of connection interruption scenarios, creating a highly resilient communication system with few errors or failures. This flexibility and reliability has been integral to the development of the DNP standard and its adoption for remote communication in the industry.
In practice, DNP3 is primarily used in the automation of substations and control systems for the electric utility industry. However, DNP3 has also been adopted by other utilities and areas, such as the water and wastewater industries. As technology and the utility of the protocol has evolved, the DNP Users Group has continued to develop the specification to improve utility and maintain compatibility and interoperability between devices implementing the original specification or any added features.
Security and encryption of DNP3
While DNP3 is demonstrably effective in transporting data from one end to another, the protection of that data is another matter. Cyber security demands for a set of organizational, architectural and technical measures. The utilization of DNP3 in a system specifically rises the demand for the protection of data at all points of the transmission path. Moreover, the system needs to be protected against unauthorized intervention. To this end, DNP3-based applications often use a combination of TLS encryption and secure authentication procedures, which are defined below:
- TLS encryption
TLS encryption safeguards systems connected over TCP/IP channels by encrypting the data so that only the internal system can read it. TLS encryption is well-defined by the DNP3 standard and the related Standard IEC 62351 Part 3, so it is commonly used as a baseline security measure to safeguard against unwanted disclosure of information, unauthorized access and message manipulation.
- Secure authentication
This optional mechanism requires authentication when certain requests come from either the master or the outstation side. These authentication-protected functions are often critical functions that affect the operability of the system, such as the setting of command outputs, the reading of confirmation messages, or similar. Authentication is bidirectional and works using the challenge-response principle, so that if a function is requested, the master computer is challenged to provide a proper response to a message from the outstation, based on a pre-shared key. This prevents unauthorized or unintended operation. While authentication does not encrypt the data or ensure confidentiality, it provides an extra layer of security to protect against potentially harmful functions or system alterations.
Ideally, DNP3 systems use a combination of these measures to ensure both confidentiality and security at both the master and outstation tiers.
DNP3 vs. IEC 61850
While DNP3 is the standard that is most widely used in the U.S. energy market, in electric, water and wastewater facilities, another standard is quickly achieving global acceptance. The European IEC 61850 standard is gaining recognition as the future benchmark for local communication protocols. Now widely adopted across the globe, many companies currently using DNP3 are also choosing to adopt cross-functionality for both DNP3 and IEC 61850. However, it is important to understand each protocol and how they compare to one another.
At the most basic level, DNP3 focuses on the transportation of simple data in a secure and lightweight manner for the purpose of remote communication. IEC 61850, on the other hand, mainly focusses on communication among assets, such as protection equipment, IEDs or local HMI/SCADA systems, inside of a local facility. Another major difference between DNP3 and IEC 61850 is that the IEC standard focuses on the context of data. While DNP3 focuses on data and largely passes contextualization off for engineers to handle, IEC 61850 integrates context into the system by mapping data to logical nodes with predefined, contextual names. This ensures that context is never lost in the shuffle of compiling data.
By adopting IEC 61850 standards, utility companies can enjoy the following benefits:
- Reduced configuration times
IEC 61850 protocols reduce the time needed to configure new substation automation systems.Due to the availability of a well-defined data model for substation assets, the System Configuration Tools (SCT) can be utilized to achieve a fast design of a substation facility. Configurations for involved systems, such as protection devices or HMI systems can be generated from that. zenon can directly make use of this data, in order to automatically generate an HMI application. This can cut setup time by up to 90%.
- Better standardization and organization
By organizing designs with an object-oriented approach, the IEC 61850 standard allows designers to develop standard configurations for different elements in the power system. This means that individual building blocks can be added or removed without re-engineering the entire system from scratch.
- Less physical reconfiguration
If changes are necessary, IEC 61850 allows these changes to be easily made through software changes rather than physical reconfiguration. As such, engineers can easily make changes or revert to previous setups without requiring costly equipment changes.
- Increased virtualization
IEC 61850 protocols allow substation models to be developed and tested in a virtual setup before implementation. This allows for a stronger initial design that requires less modification over time.
With the above benefits, it's no wonder that the IEC 61850 is becoming more popular. It's important to remember, however, that adopting IEC 61850 does not mean abandoning DNP3. IEC 61850 semantics can be used on DNP3 protocols even where IEC 61850 itself is not used. This adoption can be an early step when planning a future integration of IEC 61850.
How zenon supports DNP3
Managing DNP3 can be a challenge – and juggling both DNP3 and IEC 61850 can be even more difficult. However, a software platform like zenon which controls and automates equipment management can make it substantially easier.
zenon provides comprehensive support for DNP3 by offering a range of functions and supporting a range of configurations. Below are some of the most significant features and functions of zenon and how they can help you with your DNP3 setup.
- Master and outstation functionality
zenon offers comprehensive support of the DNP3 protocol for both masters and outstations. The system does this by assuming both roles during data transfer. As a DNP3 master, zenon acquires data from subordinate units and is compliant with subset levels 1, 2, 3 and 4, for both requests and responses. As a DNP3 outstation, zenon provides data to superordinate units and can act as DNP3 gateway and forward data from an outstation facility to the master computer. Additionally, zenon software can be deployed to multiple embedded devices to lend DNP3 functionality.
- Security functionality
The zenon software platform also offers the comprehensive integration of security functions such as TLS (62351-3) and Secure Authentication via DNP3. Additionally, zenon offers statistical security information from the outstations for monitoring.
- Automation capability
By controlling both ends of the communication system, zenon can mediate control commands and responses, providing increased functionality. Energy automation may be achieved by incorporating data with various technology functions in zenon, while command routing can mediate control commands and responses between upstream and downstream protocol drivers.
These functions simply scratch the surface of what zenon does to support DNP3 functionality.
An overview of the zenon DNP3 master driver
As an example of how zenon supports DNP3 requirements, we'll dive in to exactly how the DNP3 master works within the zenon system. The zenon DNP3 master driver (also known as “DNP3 TG” driver) is a DNP3 master that complies with the IEEE Std 1815-2012. The master is Subset Level 4 compliant for both requests and responses. The master also supports outstations that are Subset Level 1, 2 or 3. In addition to these functionalities, the zenon DNP3 master driver also delivers the following:
- File transfer
The zenon DNP3 master driver supports DNP file transfer functionalities, including the ability to get file information, read the directory, read files, write files, delete files and support file transfers.
- Secure authentication
zenon supports DNP Secure Authentication v2 and v5, which allows secure communication with devices according to both IEEE 1815-2010 and IEEE 1815-2012.
- Automatic master configuration
The master points database automatically populates from a Class 0 poll or by importing XML device profiles.
- Advanced communication statistics
The driver provides detailed local communication statistics for connection monitoring, which enables users to create alarms, configure logging or collect detailed insights for troubleshooting and operational improvements.
- Excellent flexibility
Polling cycles can be dynamically changed to meet changing needs and can be customized to pull data from very small or very large substation groups.
- Backward compatible
Any projects using the previous DNP332 driver or DNP3 NG driver can easily migrate to the new driver.
On top of these benefits, the zenon DNP3 master driver is developed and maintained by COPA-DATA. As a member of the DNP Users Group, we actively play a role in the ongoing development of the IEEE 1815 standard and proactively update our software to meet evolving needs. In short, the zenon DNP master driver is a master driver that can meet your DNP communication needs.
Configuring the zenon DNP3 master driver
One of the most important, and most daunting, tasks when setting up DNP3 systems is driver configuration. With zenon, however, this step is simple – yet it remains highly customizable. Whether you've already purchased the zenon software platform or are simply curious as to how driver setup works, here are the steps involved after opening the configuration window:
- Communication type
Select the ”Options” tab and go to the “Data link” section to choose the appropriate settings for the communication channel to your outstations. This may be a TCP/IP link, a dual endpoint, a UCP connection or a serial link. If you have a serial link, select the “Com” tab to set up the com port settings.
- Time configuration
Go to the “Options” tab then the “Application” section to choose whether outstations use UTC or local time. This section also allows you to configure the pulse duration for controls and define the mapping for double-bit binary values.
- Connection setup
Select the “Connections” tab to configure one or more outstations. To create a new connection with an outstation, select “New” and specify the net address for the outstation. Each outstation may be configured with a “Friendly name” for easy identification. Select “Add” to configure the IP address and any secondary IP address for the outstation. You can also configure the TCP connection time so that the connection closes after a set idle time or remains open regardless of activity.
Once you have configured the outstation connection, you can populate the master database. This can be done automatically by either importing from the XML device profile or by importing directly from the outstation through a Class 0 poll. After adding all items and selecting “OK” all points are created in the database with a link to the corresponding outstation configuration to the driver through the associated net address.
For more information on driver configuration, confer with your COPA-DATA representative.
zenon is a comprehensive DNP3-enabled system that allows for full functionality at both ends of the DNP3 communication setup. If you're looking for a high degree of proven functionality backed by years of expertise, zenon is the right choice. The zenon software platform is from COPA-DATA, a member of the DNP Users Group and an active player in the development of IEEE 1815 standards. With over 30 years of experience in the industry, COPA-DATA continuously improves the software and ensures the maintenance of all necessary logic and algorithms. You are interested in learning more about the capabilities of zenon?