dnp3 overview for aga gti security meeting in washington dc
TRANSCRIPT
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 1/44
05/21/9705/21/97
www.dnp.org
DNP3 ProtocolAGA/GTI SCADA Security MeetingAugust 19, 2002 / Washington, DC
Presented By:
Mr. Jim Coats, President
Triangle MicroWorks, Inc.
Raleigh, North Carolina
www.TriangleMicroWorks.com
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 2/44
05/21/9705/21/97
www.dnp.org
Agenda
Purpose of a Communication Protocol
History of DNP3
Benefits of Industry Standard Protocols
Overview of Protocol Features
What’s Next for DNP3?
Demonstration of Test Harness
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 3/44
05/21/9705/21/97
www.dnp.org
Credentials
Vice President of DNP3 Users Group
Lead US member for IEC TC 57 WG 03
Past member of DNP3 Technical Committee
Eight years experience developing/supporting productsfor DNP3 through Triangle MicroWorks
Source Code Libraries
Test Harness
OPC Server and Protocol Gateway
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 4/44
05/21/9705/21/97
www.dnp.org
Purpose of a Communication Protocol
Replicate database from one device to another
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 5/44
05/21/9705/21/97
www.dnp.org
Objectives of a Communication Protocol
Minimize protocol overhead to avoid extra cost ofhigh bandwidth media
Ensure reliable data transfer (CRC or checksum)
Provide necessary features such as time stamps orfreeze operations
Provide data quality flags
Since September 11th, prevent unauthorized use ormonitoring of data
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 6/44
05/21/9705/21/97
www.dnp.org
Report by Exception (RBE)
Protocols like Modbus transmit all the dataeach time a device is polled
RBE only transmits changes, so fewer datapoints
Timestamps allow creation of Sequence ofEvents (SOE) log on Master Station
RBE can be polled or unsolicited
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 7/44
05/21/9705/21/97
www.dnp.org
Agenda
Purpose of a Communication Protocol
History of DNP3
Benefits of Industry Standard Protocols
Overview of Protocol Features
What’s Next for DNP3?
Demonstration of Test Harness
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 8/44
05/21/9705/21/97
www.dnp.org
History of DNP3
Distributed Network Protocol
Developed by GE (previously Harris, Westronics)
Based on early parts of IEC 870-5
Turned over to Users Group in 1993
DNP and IEC 870-5-101 have been specified in IEEE P1379
Recommended Practice for Data Communications Between Intelligent Electronic Devices and Remote Terminal Unit
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 9/44
05/21/9705/21/97
www.dnp.org
Newton-Evans Research
1. DNP3 protocol is now the most popular protocol inuse by global electric utilities.
2. Also the DNP LAN implementation led the way forplanned use by both North American andinternational utilities.
Taken from “The World Market for Substation Automationand Integration Programs in Electric Utilities: 2000-
2004” August 2000
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 10/44
05/21/9705/21/97 11
www.dnp.org
DNP Today
Vendor Products >100 vendors, +250 DNP products and services
Utilities/Industrials used by >300 utilities and industrials worldwide
Countries used in over 32 countries
Total Industry $250 Million / year of DNP products and services
Industries
Electric, Oil & Gas, Water and Industrial
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 11/44
05/21/9705/21/97 11
www.dnp.org
RelayRelayRelay
Master Station
Substation RTURS-232
Serial
Phone Line
Relay
Engineer
Terminal
Modem
Modem
DNP3 Topology
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 12/44
05/21/9705/21/97 11
www.dnp.org
DNP3 Users Group
Basic membership cost is $200 per year
Members from: Vendors - System Integrators
Utilities - Software developers
Volunteers staff the following committees to manage the protocol:
Steering CommitteeSteering Committee
TechnicalCommittee
TechnicalCommittee ConformanceCommitteeConformanceCommittee Marketing
CommitteeMarketingCommittee Liaison
CommitteeLiaisonCommittee
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 13/44
05/21/9705/21/97 11
www.dnp.org
DNP3 Technical Committee
Technical Committee Chairman: Andrew West, Invensys (Foxboro Australia)
Secretary: Grant Gilchrist, GE Energy Systems
Meets via conference call once a month
Meets in person once per year
Daily interaction by Maillist
Protocol evolution tracked by yeari.e. DNP3 2002
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 14/44
05/21/9705/21/97 11
www.dnp.org
DNP3 Technical Committee
Technical Committee = Managed Evolution
Define new features, then update documentation andtest procedures
Clarify existing documentation when differentinterpretations exist
A Controlled Standard, avoids multiple Vendorspecific variations of the protocol
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 15/44
05/21/9705/21/97 11
www.dnp.org
Agenda
Purpose of a Communication Protocol
History of DNP3
Benefits of Industry Standard Protocols
Overview of Protocol Features
What’s Next for DNP3?
Demonstration of Test Harness
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 16/44
05/21/9705/21/97 11
www.dnp.org
Utility Benefits
Select products based on performance, not protocol
Reduced training costs to learn only one protocol.
Greater availability of support services
Able to participate directly in evolution of protocol viaparticipation in User Group
Evolving to continue to meet market needs
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 17/44
05/21/9705/21/97 11
www.dnp.org
Vendor Benefits
Avoid NRE charges to add/update newprotocols for each new project
Well documented, “proven” protocol
Participate in development of commonprotocol instead of company protocol
Large Utility Client Base
Greater availability of 3rd party supportservices and Test Tools
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 18/44
05/21/9705/21/97 11
www.dnp.org
Ensure Interoperability
DNP3 UG
Technical Committee DNP3 Conformance
Test Procedures
Independent Conformance
Testing Company
Certificate of
Conformance
Products
Equipment
Vendor
Utility ** The Utility will specify in all RFQs that a Certificate of Conformance is required
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 19/44
05/21/9705/21/97 11
www.dnp.org
Interoperability Documents
The following documents are used tointerface DNP3 Devices:
DNP3 Device Profile Document
DNP3 Implementation Table
DNP3 Points List
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 20/44
05/21/9705/21/97 22
www.dnp.org
Agenda
Purpose of a Communication Protocol
History of DNP3
Benefits of Industry Standard Protocols
Overview of Protocol Features
What’s Next for DNP3?
Demonstration of Test Harness
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 21/44
05/21/9705/21/97 22
www.dnp.org
Core Specification Documents
DNP V3.0 Basic 4 Document Set DNP V3.0 Data Link Layer
DNP V3.0 Transport Functions
DNP V3.0 Application Layer Specification
DNP V3.0 Data Object Library
DNP V3.0 Subset Definitions Document (Level 1, 2,& 3)
Conformance Test Procedures
Technical Bulletins
All of these documents are available for download by
DNP User Group members from the DNP web site.
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 22/44
05/21/9705/21/97 22
www.dnp.org
OSI 7-Layer Model Compliance
DNP3 uses a simplified 3 layer version of the OSI 7Layer model called EPA (Enhanced PerformanceArchitecture)
7 - Application
6 - Presentation5 - Session4 -Transport
3 - Network2 - Link1 - Physical
DNP adds a Transport layer to permit messages largerthan a data link frame
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 23/44
05/21/9705/21/97 22
•Receive goes up the stack, transmit goes down the
stack.
•Size of data transmitted/received may fit into one data
link frame. So do not require multi-frame fragments ormulti-fragment messages.
•A single DNP application function is usually sent as a
single application layer message, which can consist of
many data link frames.
www.dnp.org
Application message = unlimited size
Transport fragment = 2048 bytes (max)
Data Link frame = 292 bytes (max)
Physical byte = 8 bits
DNP Message Buildup
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 24/44
05/21/9705/21/97 22
www.dnp.org
“Balanced” Link Layer
Master SlaveRequest Message
Response Message
(User Data, Confirm Expected)
(Acknowledgment)
[P]
[P] = Primary Frame[S] = Secondary Frame
[S]
(User Data, Confirm Expected)
(Acknowledgment)
[P]
[S]
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 25/44
05/21/9705/21/97 22
www.dnp.org
“Balanced” Link Layer
At the link layer, all devices are equal
Collision avoidance by one of the following:
Full duplex point to point connection (RS232 or four wireRS485)
Designated master polls rest of slaves on network
Physical layer (CSMA/CD)
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 26/44
05/21/9705/21/97 22
www.dnp.org
Device Addressing
DNP3 Link contains both Source andDestination address
Both are always 16 bits
Application layer does not contain address
The provision of a source and destination address
simplifies message routing in certain network
topologies.
A DNP link address is a device’s logical address. Asingle physical device is permitted to respond to
multiple addresses (contain multiple logical devices).
Each device will appear to the master as a completely
separate device.
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 27/44
05/21/9705/21/97 22
www.dnp.org
Application Layer Features:
Time Synchronization
Time-stamped events
Freeze/Clear Counters
Select before operate
Polled report by exception
Unsolicited Responses
Data groups/classes
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 28/44
05/21/9705/21/97 22
www.dnp.org
Application Layer
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 29/44
05/21/9705/21/97 22
Master/Slave Network - Slaves do not speak unless
spoken to
MAC = Media Access Control - CSMA/CD
Polled Static - Class 0 or specific data request message sent to each
device
Polled Report by Exception - Class 1, 2, 3 request message sent
to each device with occasional integrity (class 0) data poll.
Unsolicited Report by Exception - most communication is
unsolicited, but the Master occasionally sends integrity polls for class 0Data to verify its’ database.
Quiescent Operation - master never polls slave
Last two modes are useful when communication
medium is dial-up modem.
www.dnp.org
Means of Retrieving Data
Master/Slave Network
Polled Static
Polled Report byException
Point to Point (or MAC)
Unsolicited Reportby Exception
Quiescent Operation
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 30/44
05/21/9705/21/97 33
www.dnp.org
DNP3 LAN-WAN Features
Puts entire DNP3 Stack on top of TCP/IP
Became part of Standard in Nov 1998
Makes use of widely available andinexpensive third-party products
Specification also allows for use of UDP(connectionless) service
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 31/44
05/21/9705/21/97 33
www.dnp.org
Agenda
Purpose of a Communication Protocol
History of DNP3
Benefits of Industry Standard Protocols
Overview of Protocol Features
What’s Next for DNP3?
Demonstration of Test Harness
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 32/44
05/21/9705/21/97 33
www.dnp.org
What’s Next for DNP3?
Major revision to DNP3 Basic 4 Document set
Address Security Issues
DNP3 Master Conformance Test Procedures
Double-Bit Status
Output Event Objects
Self Description XML file approach
Define new protocol functionality
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 33/44
05/21/9705/21/97 33
www.dnp.org
Security in DNP3
Threat until recently was noise on the wire
CRC bytes were actually called “Security” bytes inmany protocol analyzers
Most security provided by Physical isolation ofnetwork and lack of common knowledge aboutsystems
Since moving toward more network solutions,security has now become a priority
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 34/44
05/21/9705/21/97 33
www.dnp.org
DNP3 User Group Plan for Security
Form a Working Group within the DNP3 TechnicalCommittee
Will hire consultant to write Technical Bulletins
Discussion so far has been on 2 solutions:
Encryption/decryption device placed at each end of the wire
Security Enhancements directly in the protocol
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 35/44
05/21/9705/21/97 33
www.dnp.org
Self Description Using XML
XML is an excellent standard that is naturally suited for these typesof applications
Primary benefit is “Plug & Play”, for faster and more accuratedevice install or replacement
One data file contains information normally found in the DNP3interoperability documents: Device Profile Document
Implementation Table
Points List, including scaling and units information
DNP3 Solution will build on existing models developed by IEC TC57 Working Group 14 and/or UCA2
Online or offline transfer of XML file to DNP3 Master
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 36/44
05/21/9705/21/97 33
www.dnp.org
Offline Option
DNP3 IED
DNP3 Master DNP3 Slave
DNP3Communicatons
DNP3 XML
Device
Profile
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 37/44
05/21/9705/21/97 33
www.dnp.org
Benefits of using XML Files Offline
Can be applied to existing devices placed in operationyears ago
Does not interfere with real time communications
Good for small devices that may not support DNP3 filetransfer
Requires no changes to DNP3 Embedded code
All XML files can be stored in centralized networklocation
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 38/44
05/21/9705/21/97 33
www.dnp.org
Online Option
IED ConfigSoftware
DNP3 Master
DNP3 SlaveDNP3
Communicatons
DNP3 XMLDevice Profile
DNP3 File Transfer
during first startupsequence
DNP3 XMLDevice Profile
Transfer to deviceduring configuration
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 39/44
05/21/9705/21/97 33
www.dnp.org
Benefits of using XML Files Online
XML file is contained in device, always know whereto find it
Requires no changes to DNP3 Embedded code ifalready supports File Transfer
Nominal affect on real time communications
IED only transferring a file, does not need to knowdetails of file or XML
Can evolve without affecting Embedded code
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 40/44
05/21/9705/21/97 44
www.dnp.org
Agenda
Purpose of a Communication Protocol
History of DNP3
Benefits of Industry Standard Protocols
Overview of Protocol Features
What’s Next for DNP3?
Demonstration of Test Harness
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 41/44
05/21/9705/21/97 44
Test Harness Demonstration
Manual Commands
Periodic Commands
Toggle binary input to create unsolicitedresponse
TCL/TK Script for conformance testing
A full 21-day evaluation of the Test Harness may be downloaded
from www.TriangleMicroWorks.com/downloads.htm .
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 42/44
05/21/9705/21/97 44
www.dnp.org
Summary
DNP3 is:
Well established in the Electrical Utiltiy Industry
Has an active users group that is eager toenhance the protocol to meet new requirements
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 43/44
05/21/9705/21/97 44
www.dnp.org
DNP3 Users Group Web site
All protocol documentation and meetingminutes posted on web site
List of equipment supporting the protocol
Join DNP3 maillist
Next General meeting - February 2003 inLas Vegas
www.DNP.org
8/4/2019 DNP3 Overview for AGA GTI Security Meeting in Washington DC
http://slidepdf.com/reader/full/dnp3-overview-for-aga-gti-security-meeting-in-washington-dc 44/44
www.dnp.org
More Information on DNP3
IEEE P1379 - www.ieee.org
SCADA Mailing List -
www.iinet.net.au/~ianw
Contact me, Jim Coats at:
www.TriangleMicroWorks.com
(919) 870-6615