March 27, 2025

An Overview of IEC 60870-5-104: Practical and Security Applications of the SCADA Communication Protocol


1. Glossary of Technical Terms


2. Introduction to the IEC 60870-5 Protocol Series

IEC 60870 is a set of international communication standards developed by the International Electrotechnical Commission (IEC) for reliable data transmission between industrial control centers (SCADA) and remote devices such as RTUs and IEDs. These standards are widely adopted in power systems, smart grids, and industrial automation.

IEC 60870-5 is Part 5 of the standard family and includes over 13 sub-standards focusing on protocols for remote control, protection, and communication in power systems.

Two commonly used sub-standards include:

In essence, IEC 104 extends the IEC 101 data structure to IP networks, allowing continuous bidirectional connections for real-time data exchange, rather than relying on traditional polling.


3. Mapping IEC 104 to the OSI Model

IEC 104 is an application-layer protocol carried over TCP, typically on TCP port 2404.

The mapping to the OSI model is as follows:

SCADA systems typically use a Master-Slave architecture [1] where the control center (Master) acts as the Client, and the field devices (RTUs/IEDs) act as Servers. A persistent TCP connection is established for data exchange and control.

After the TCP connection is established, the client initiates data transfer with the StartDT command. If the server is unresponsive for too long, the TestFR command is used to verify that the connection is still alive.

[1] Since 2020, the terms “Master” and “Slave” have come under scrutiny in the tech industry due to their historical association with slavery. Companies like Oracle and GitHub have advocated replacing them with alternatives like Primary-Replica, Conductor-Member, or Primary-Secondary to promote more inclusive language.
However, as the IEC standards were defined before this shift and still reference these terms, we use them here strictly for consistency and clarity in reference to the original documentation.

4. Communication Format and Data Structure

IEC 104 uses ASDU (Application Service Data Unit) as the primary data encapsulation format. Each ASDU contains:

IEC 104 frames are categorized into three types:

Each message includes sequence numbers for flow control and error detection to ensure reliable delivery.
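As an added example that is not part of the original post, the following Python parser applies sections 3 and 4: it decodes the 4-byte APCI control field to tell the three frame types apart (U-frames such as StartDT and TestFR, S-frame acknowledgements, and I-frames with their sequence numbers), extracts the ASDU header fields a SCADA system has to match (Type ID, COT, common address, IOA), and flags control-direction commands, which a monitoring tool would expect only from the known master. The sample frames are constructed for this example.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# U-frame control-field values (first control byte) defined by IEC 60870-5-104.
U_FUNCTIONS = {0x07: "STARTDT act", 0x0B: "STARTDT con", 0x13: "STOPDT act",
               0x23: "STOPDT con", 0x43: "TESTFR act", 0x83: "TESTFR con"}

@dataclass
class Apdu:
    fmt: str                      # "I", "S" or "U"
    send_seq: Optional[int] = None
    recv_seq: Optional[int] = None
    u_func: Optional[str] = None
    type_id: Optional[int] = None
    cot: Optional[int] = None
    common_addr: Optional[int] = None
    ioa: Optional[int] = None

def parse_apdu(buf: bytes) -> Apdu:
    """Parse one APDU: start byte 0x68, length, 4 control bytes, optional ASDU."""
    if len(buf) < 6 or buf[0] != 0x68:
        raise ValueError("not an IEC 104 APDU")
    if buf[1] != len(buf) - 2:        # length counts everything after the length byte
        raise ValueError("APCI length field does not match frame size")
    c1, c2, c3, c4 = buf[2:6]
    if c1 & 0x01 == 0:                # I-format: bit 0 clear, carries send and receive seq
        a = Apdu("I", send_seq=(c1 >> 1) | (c2 << 7), recv_seq=(c3 >> 1) | (c4 << 7))
    elif c1 & 0x03 == 0x01:           # S-format: acknowledgement only, receive seq
        return Apdu("S", recv_seq=(c3 >> 1) | (c4 << 7))
    else:                             # U-format: link control (StartDT/TestFR), no ASDU
        return Apdu("U", u_func=U_FUNCTIONS.get(c1, f"unknown 0x{c1:02x}"))
    asdu = buf[6:]
    if len(asdu) < 9:                 # Type ID, VSQ, COT(2), common address(2), IOA(3)
        raise ValueError("I-frame with truncated ASDU header")
    a.type_id = asdu[0]
    a.cot = asdu[2] & 0x3F            # low 6 bits; bit 6 = P/N, bit 7 = test flag
    a.common_addr = struct.unpack_from("<H", asdu, 4)[0]
    a.ioa = asdu[6] | (asdu[7] << 8) | (asdu[8] << 16)
    return a

def is_control_command(a: Apdu) -> bool:
    """Type IDs 45-69 (process commands) and 100-107 (system commands) are control direction."""
    return a.fmt == "I" and a.type_id is not None and (45 <= a.type_id <= 69 or 100 <= a.type_id <= 107)

# Constructed sample frames: StartDT activation, an S-frame ack, and an I-frame carrying
# a single command C_SC_NA_1 (Type ID 45), COT 6 (activation), CA 1, IOA 0x1001, SCO on.
SAMPLE_FRAMES = {
    "startdt": bytes.fromhex("68 04 07 00 00 00"),
    "s_ack":   bytes.fromhex("68 04 01 00 06 00"),
    "command": bytes.fromhex("68 0E 02 00 04 00 2D 01 06 00 01 00 01 10 00 01"),
}
```

Running `parse_apdu` over `SAMPLE_FRAMES` yields the U-frame function name, the S-frame receive sequence number 3, and for the command frame send/receive sequence numbers 1 and 2 plus the ASDU addressing fields.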


5. Real-World Use Case: Integrating with SCADA Systems

IEC 104 is widely used in modern SCADA systems. Examples include:

These devices typically interface with IEDs (e.g., smart meters, protection relays) to receive telemetry such as:

SCADA systems are configured with matching Type IDs, COTs, and IOAs for each data point.

In cases where legacy field equipment only supports IEC 101 (serial), protocol converters or gateways (e.g., Advantech ESRP-PCS-ICR3231 or ECU-1051) can be used to convert IEC 101 to IEC 104, enabling integration into modern Ethernet-based systems.


6. Security Challenges and Protections under IEC 62351

IEC 104 was not originally designed with modern cybersecurity threats in mind, leading to the following issues:

To address these risks, IEC introduced the IEC 62351 series:

If devices do not support IEC 62351, VPNs or secure gateways can be used to encrypt the link or to forward traffic on the devices' behalf.


7. Practical Recommendations for Secure and Stable Deployment

Even with IEC 62351 in place, the following best practices are recommended:

About this Post

This post is written by Kevin Chiu, licensed under CC BY-NC 4.0.
