SCADA Communication Techniques and Standards

Dennis J. Gaushell¹ and Wayne R. Block²

¹ Westin Engineering
² Los Angeles Department of Water and Power

IEEE Computer Applications in Power, July 1993. ISSN 0895-0156/93/$3.00 © 1993 IEEE

SCADA systems consist generally of a master station (master) and a number of geographically dispersed remote terminal units (RTUs). RTUs are interconnected to the master via a variety of communication channels, including radio links, leased lines, and fiberoptics (see Figure 1). Due to the limited availability and high cost of communication channels, the design of master and RTUs is profoundly affected.

[Figure 1. Typical SCADA system communications architecture: a SCADA master station connected to RTUs by radio links, leased line, and fiber optic.]

Communication channels limit the speed at which data acquisition and control can be performed, thus affecting the master user interface and applications software design. In addition, noise occurring randomly on the communication channel requires additional master and RTU hardware and software design to guarantee that information is transferred correctly from master to RTU, and from RTU to master.

Configurations of communication systems are dictated by:
■ Number of RTUs
■ Number of points at RTUs and required update rates
■ Location of RTUs
■ Communication facilities available
■ Communication equipment and techniques available.

This article provides an overview of SCADA communication techniques (modulation, multiplexing, message formats, information transfer) and an update on relevant standards activities.

Modulation

In order to convey information from one point to another via a communication channel, it is necessary to transmit a signal (or change) at one point that is recognized at the other point. This may be accomplished by several methods:
■ Change of signal amplitude (amplitude modulation or AM)
■ Change of signal frequency (frequency shift keying or FSK)
■ Change of signal phase (phase shift keying or PSK).

A demodulator detects the change in the signal and outputs the transmitted information at the receiving end of the communication channel. Information transmitted in only one direction is referred to as a simplex channel. Information transmitted in both directions, but not simultaneously, is called a half-duplex channel. Information transmitted in both directions, simultaneously, requires a full-duplex channel.

Multiplexing

It may be desirable to transmit many pieces of information at the various transmitter locations to a receiver. One possible approach is to provide a separate dc-loop communication channel for each piece of information; however, this would be a very costly approach due to the cost of communication channels, as well as multiple transmitters and receivers.
A more economical approach is to use a single communication channel for many pieces of information; this technique is referred to as multiplexing. The two basic techniques are frequency division multiplexing (FDM) and time division multiplexing (TDM).
■ FDM, in which each piece of information is transmitted over a dedicated part of the available communication channel spectrum (see Figure 2). For a voice-grade channel, up to 25 separate subchannels (120-Hz spacing per channel) can be utilized. Additional voice grade channels are required for each 25 pieces of information; therefore, large systems would require an impractical number of channels.
■ TDM, in which each piece of information is transmitted as part of a serial digital message over a separate span of time and demultiplexed by the receiver into the individual pieces of information (see Figure 3). The digital message utilizes the entire communication channel spectrum in order to obtain the highest possible data rate.

[Figure 2. Frequency division multiplexing: Signal 1 through Signal 4 shown against time.]

[Figure 3. Time division multiplexing: signals shown in successive slots against time.]

Due to the efficiency and low cost of TDM, it is now utilized for all but the smallest SCADA systems.

Two basic types of modems are utilized for transmitting information via a communication channel: asynchronous and synchronous.

The asynchronous type utilizes separate timing sources (such as crystals) at each end of a data link to make the receiver demodulate the data at approximately the same rate at which it was modulated by the transmitter. Due to this approximation, the data message must be frequently resynchronized by dividing the message into short blocks or characters, each with their own synchronization bits. This is an advantage for short messages where a quick synchronization is desired. Thus, the efficiency is relatively high because of the low synchronization overhead. Cost is very low, due to the simplicity.

The synchronous modem, on the other hand, transmits a synchronizing clock signal along with the data stream, so that the receiver is precisely synchronized with the transmitter. This technique allows very long messages and high data rates to be transmitted without any problem with falling out of synchronization. However, it does require a longer period of time to establish synchronization, a disadvantage for short messages because the ratio of overhead to data is high. Synchronous modems are generally available from 2400 bits per second (bps) to 1 megabits per second (Mbps) and are higher in cost than the asynchronous type (although the price difference is decreasing). A summary comparison of communications with asynchronous and synchronous modems is shown in Table 1.

Both asynchronous and synchronous modems used for SCADA communications require the use of a voice-grade communication channel. Either dial or a dedicated leased channel can be utilized, although most all SCADA systems require dedicated leased channels. A voice-grade channel is defined as a "Type 3002 unconditioned" channel and specifies the channel impedance characteristics, maximum attenuation, frequency response (from 300 to 3,000 Hz), delay characteristics, and noise characteristics.
Table 1. Comparison of communication with asynchronous and synchronous modems

| | Asynchronous | Synchronous |
|---|---|---|
| Modem synchronizing technique | Separate timing sources at transmitter and receiver | Timing signal transmitted continuously |
| Message lengths allowed | Usually 32 bits maximum | Several hundred bits or more |
| Efficiency | Best for short messages | Best for long messages |
| Data rates | 150-9600 bps | 2400 bps-1 Mbps |
| Modem cost | Very low | Moderate, but decreasing |
| Channel requirement | Unconditioned voice grade | Unconditioned or conditioned voice grade |

Since verifying channel quality is a time-consuming task, it is wise to buy modems that have the minimum channel requirements and the most diagnostic features. These features may include loopback to allow end-to-end tests; indicator lights for transmit, receive, carrier, request-to-send and clear-to-send; a switch to force the modem to a known state; and a self-test mode. The self test mode may include a remotely controlled digital or analog loopback with a test signal transmission. Also, plug-in jacks are recommended to quickly connect test equipment.

Message Formats

The transmission of information (both directions) between the master and RTUs using TDM techniques requires the use of serial digital messages. All messages are divided into three basic parts:
■ Message establishment, which provides the signals to synchronize the receiver and transmitter and the unique RTU address
■ Information, which provides the data in a coded form to allow the receiver to decode the information and properly utilize it
■ Message termination, which provides the message security checks and a means of denoting the end of the message. Message security checks consist of logical operations on the data which result in a predefined number of check bits transmitted with the message. At the receiver, the same operations are performed on the data and compared with the received check bits. The message is accepted if they are identical; otherwise, a retransmission of the original message is requested.

A typical example of commonly used asynchronous message format is shown in Figure 4. The efficiency of the example format is 12/32 or 37.5 percent, which is typical for the asynchronous format.

[Figure 4. Typical asynchronous message format. Labelled fields: 8-millisecond pretransmission mark, synchronization, RTU address, function code, BCH security code, additional message; grouped into message establishment, information, and message termination.]

The security of this format is provided by the five-bit BCH code, which detects all single-bit and double-bit random errors and all bursts (consecutive bit stream, where first and last bits, as a minimum, are in error) of five or less. Security codes must also provide protection from undetected errors caused by false message synchronization. Since the typical asynchronous format requires only a mark-to-space transition to signal the start of a message, a false start could occur several bits prior to a message due to a noise spike. One way to reduce this problem, commonly called sync slip, is to invert all security code bits in the message. This provides protection equal to one undetected error per 2^n false synchronizations, where n is the number of security code bits. With this approach, longer security codes provide better protection from sync slip.

Master-to-Remote Data Transfer

Information transmitted from master to remote is for the purpose of device control, setpoint control, or batch data transfer. Due to the possible severe consequences of operating the wrong device or receiving a bad control message, additional security is required for control. This is provided in the form of a sequence of messages, commonly called a select-before-operate sequence, as shown in Figure 5. The following explanatory notes apply to Figure 5:
■ Message establishment and message termination fields are not shown.
■ Function code specifies the operation to be performed by the RTU.
■ Control address specifies the device or setpoint to be controlled.
■ Setpoint provides the value to be accepted by the RTU.
■ A remote-to-master checkback message is derived from the RTU point selection hardware in order to verify that the RTU has acted correctly in interpreting the control selection.
■ A master-to-remote execute message is transmitted only upon receipt of a proper checkback message.
■ A remote-to-master execute acknowledge message is a positive indication that the desired control action was initiated.

Figure 5. Sequence of messages for control
  Master-to-remote control select message: FUNCTION CODE | CONTROL ADDRESS | SETPOINT
  Remote-to-master checkback message: FUNCTION CODE | CONTROL ADDRESS | SETPOINT
  Master-to-remote execute message: FUNCTION CODE | CONTROL ADDRESS
  Remote-to-master execute acknowledge message: FUNCTION CODE | CONTROL ADDRESS

The sequence of messages shown in Figure 5 provides additional security by the checkback and execute messages, since undetected errors must occur in the control, select, checkback, and execute messages in order to operate the wrong control device. Prior to transmission of the sequence, a control operator or dispatcher performs a similar select-verify-execute-acknowledge sequence via the control console.

Batch data transfers from master to remote include such data as parameters for report by exception and parameters for locally controlled devices. This type of transfer is accomplished by the sequence shown in Figure 6. The following explanatory notes apply to Figure 6:
■ Message establishment and message termination fields are not shown.
■ Special security precautions are required if a party line communication channel is used, so that other RTUs do not decode a batch data transfer message.
■ The purpose of the first two messages is to prepare the RTU to receive the longer-than-normal message. The third message transmits the data and the fourth indicates that the data was correctly received at the RTU.

Figure 6. Sequence of messages for batch data transfer
  Master-to-remote control message: FUNCTION CODE | DATA ADDRESS
  Remote-to-master acknowledge message: FUNCTION CODE | DATA ADDRESS
  Master-to-remote batch data transfer message: FUNCTION CODE | DATA ADDRESS | DATA
  Remote-to-master acknowledge message: FUNCTION CODE | DATA ADDRESS

Remote-to-Master Data Transfer

All remote-to-master data transfer is accomplished with one basic message sequence by using variations in the field definitions to accommodate different types of data. The basic sequence is shown in Figure 7. The following explanatory notes apply to Figure 7:
■ Message establishment and message termination fields are not shown.
■ Function code specifies the type of data to be transferred by the RTU.
■ Data identification specifies the amount and type of data requested by the master.
■ On each message transmitted by the RTU (except for messages containing only current data), it is necessary to retain the transmitted message in a RTU buffer, so that if the master does not receive the message correctly, it can request a retransmission. Otherwise this information would be lost.

Three basic types of data are transferred using the
sequence shown in Figure 7: current data, data snapshot, and data-by-exception reporting.

Current data pertains to the current state of external equipment and processes at the time the data is transmitted to the master. Data units may be analog values (usually represented by 12 bits per value), binary state of switches (one bit per switch), or the binary state of switches with past changes of state (two bits per switch). Transmitted messages containing memory of past changes of state must be protected by a transmit buffer to avoid any loss of data.

Data snapshot consists of information stored at the RTU at some previous instant of time (usually commanded by the master or by a local time source at the RTU). Data units may be analog values (usually 12 bits per value), or memory locations (8 or 16 bits per location).

Figure 7. Sequence of messages for data acquisition
  Master-to-remote data request message: FUNCTION CODE | DATA IDENTIFICATION
  Remote-to-master data message: DATA UNIT 1 | DATA UNIT 2 | ... | DATA UNIT n

Data-by-exception reporting consists of information concerning the state of external equipment and processes which have changed since the previous reporting. Examples are switches that have changed state and analog values that have changed by more than a preset increment or decrement since the previous report.

In certain systems it is desirable to record, at the RTU, the time at which each switch changed state. Often called sequence of events, this technique provides information about the operation of field devices by the time order in which state changes occurred.

Standards Activities

The development of standards for SCADA systems has been a slow and difficult process. The key existing standard is ANSI/IEEE C37.1, Definition, Specification, and Analysis of Systems used for Supervisory Control, Data Acquisition, and Automatic Control.

The C37.1 standard, however, stops short of defining a message standard between the master and RTUs, which is a critical need. This subject was discussed in the just-released IEEE Recommended Practice for Master/Remote Supervisory Control and Data Acquisition (SCADA) Communications. Several vendors have announced plans to develop master/RTU protocols in conformance with this IEEE recommended practice, which is a long overdue step on the way to standardization.

Regardless of the protocol used, the Recommended Practice has many useful principles for designing a SCADA communication system.

In the international area, protocols have been developed for data communications which could be adapted to master/RTU communications. These include the International Standards Organization (ISO) reference model for Open Systems Interconnection. This model divides the communication process into seven distinct layers, with well-defined interfaces between each layer. Within each layer, standards are being developed and adopted. For master/RTU communication, the standard of interest is the High Level Data Link Control (HDLC) protocol. However, this has not been adopted, due to security concerns in the structure of the protocol when applied to supervisory control. Also, the efficiency of a standard protocol such as HDLC is lower than that of a protocol designed only for SCADA. These issues have yet to be resolved.

In addition to master/RTU communications, the master-to-master communications is very important. Present systems generally use system vendors' proprietary protocols, which are not very flexible. A number of systems use a computer manufacturer's protocol, such as Digital Equipment Corporation's DECNet. To remedy this deficiency, the Western Systems Coordinating Council (WSCC) has developed the "Guidelines for Inter-Utility Data Communications". This has been very successful, and, at last count, is being used by 35 U.S. utilities. Principal applications have been for exchange of system security and accounting data. Another protocol is being developed by the Inter-Utility Data Exchange Committee (IDEC) for a group of eastern US utilities.

For local in-plant or in-substation communications, the local area network (LAN) technology, using fiberoptics, is now well developed. These are high-speed networks sharing a common bus or ring within a few kilometers. The IEEE 802.X LAN standards are used almost exclusively to build systems of this type. These systems have the advantages of multiple sources of equipment, high capacity, immunity from electromagnetic noise, and modularity. A task force on "Data Exchange Between RTUs and Intelligent Electronic Devices (IEDs)" was formed by the
Substations Committee working group on "Applications of New Technologies in Substation Monitoring and Control." The task force is investigating protocols to determine if there is one that is ISO/OSI compliant, and would be applicable to the various substation equipment.

For distances beyond a few kilometers, efforts are underway to develop standards for metropolitan areas (metropolitan area network or MAN) and widely dispersed areas (wide area network or WAN). The MAN standard would be applicable to SCADA, while the WAN would be applicable to inter-utility exchange. Impacts on present systems are several years away.

In order to provide a common direction to the U.S. electric utility industry in the area of information exchange, the Electric Power Research Institute (EPRI) has a program underway, the Utility Communication Architecture (UCA). The UCA will be designed to define an overall architecture for all electric utility applications, including SCADA systems, power plants, customer interface, inter-utility exchange, etc. (A similar effort in the manufacturing industry, the Manufacturing Automation Protocol (MAP), has preceded the UCA effort by about 10 years). The use of industry standards within the architecture layers will also be recommended. This effort will definitely affect the master/RTU communications area, but probably not for several years.

Acknowledgements

This article is based on the "Telecommunications Options" chapter of the IEEE Fundamentals of Supervisory Systems tutorial course. Other chapters include Introduction and Rational for Supervisory Systems, Remote Terminal Units, Project Management, Considerations in Applying Supervisory Control Systems to Electric Utilities, Master Station Architecture, User Interface, and Advanced SCADA Concepts. The October 1992, January 1993, and April 1993 issues of IEEE Computer Applications in Power carried articles that were also based on parts of the tutorial, and other articles are being considered for future issues.

The tutorial was presented at the 1991 Transmission and Distribution Exposition and Conference (with videotaping by the IEEE Education Activities Department), and the IEEE 1992 Winter and Summer Meetings.

To order the tutorial document (91 EH 0337-6 PWR) or the videotape (HV0245-1-POT, which includes one copy of the document), call IEEE Customer Service, (800) 678-IEEE.

For Further Reading

G. Paula, "SCADA/EMS: Integrating the Latest Developments into Utility Systems", Electrical World, Volume 206, Number 12, December 1992.
IEEE Recommended Practice for Master/Remote Supervisory Control and Data Acquisition (SCADA) Communications, IEEE Standard 999-1992.
Fundamentals of Supervisory Systems, IEEE Tutorial Course, 91 EH0337-6 PWR.
Definition, Specification, and Analysis of Systems Used for Supervisory Control, Data Acquisition, and Automatic Control, IEEE Standard, Publication ANSI/IEEE C37.1.
Utility Communications Architecture: UCA Specification V1.0, EPRI RP2949-1, August 1990, Palo Alto, California.
Energy Management System Inter-Utility Communication Guidelines, Western Systems Coordinating Council, June 1984.

Abbreviations

AM: amplitude modulation
FDM: frequency division multiplexing
FSK: frequency shift keying
HDLC: high level data link control protocol
IED: intelligent electronic device
LAN: local area network
MAN: metropolitan area network
PSK: phase shift keying
RTU: remote terminal unit
SBO: select-before-operate security provision
SCADA: supervisory control and data acquisition
SOE: sequence of events
TDM: time division multiplexing
UCA: utility communication architecture
WAN: wide area network

Biographies

Wayne R. Block is supervisor of the Power System Computer Applications Group at the Los Angeles Department of Water and Power. He has 25 years experience in the design of Energy Management Systems, SCADA Systems, and RTU installations. He is a Senior Member of the IEEE and the PES, a member of the Substations Committee and its Data Acquisition, Processing, and Control Systems Subcommittee, and is the chairman of the working group on Applications of New Technologies in Substation Monitoring and Control.

Dennis J. Gaushell, P.E., is a Senior Member of IEEE and holds three electrical engineering degrees from Bradley University and Stanford University. He has over 20 years experience in the control and telecommunications fields, as a system supplier and as a consultant. Presently, he is president of Westin Engineering, Inc., San Jose, California, where he is responsible for all engineering activities in water, wastewater, electric, and gas control systems, and telecommunications. He is author of over 20 technical papers, coauthor of the ANSI/IEEE Standard C37.1-1987 (SCADA Standard), and coauthor of the "Telecommunications Options" portion of the IEEE Fundamentals of Supervisory Systems tutorial course.
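Added example (not part of the original article): the five-bit security code and the inverted-check-bit defence against sync slip described under Message Formats, worked through in Python. The generator polynomial x^5 + x^2 + 1, the 31-bit block (26 information bits plus 5 check bits), the field values and the slip model are all assumptions made for illustration; the article does not specify them.

```python
from itertools import combinations

GEN = 0b100101          # ASSUMED generator x^5 + x^2 + 1; the article names none
R = 5                   # security code bits (the article's five-bit BCH code)
N = 31                  # ASSUMED block: 26 information bits + 5 check bits
INVERT = (1 << R) - 1   # mask that inverts every security code bit
BASE = (0x2A << 18) | (0x05 << 12)   # constructed RTU address and function code


def remainder(value):
    """Remainder of an N-bit polynomial divided by GEN over GF(2)."""
    for shift in range(N - 1, R - 1, -1):
        if value >> shift & 1:
            value ^= GEN << (shift - R)
    return value


def encode(info, invert):
    """Append check bits to a 26-bit information word (sent MSB first)."""
    check = remainder(info << R)
    return (info << R) | (check ^ INVERT if invert else check)


def accept(block, invert):
    """Receiver test: undo the inversion, then require a zero remainder."""
    return remainder(block ^ INVERT if invert else block) == 0


def random_error_patterns():
    """Every single-bit and double-bit error in an N-bit block."""
    singles = [1 << i for i in range(N)]
    doubles = [(1 << i) | (1 << j) for i, j in combinations(range(N), 2)]
    return singles + doubles


def burst_patterns(max_len=R):
    """Every burst of max_len bits or fewer (first and last bit in error)."""
    out = set()
    for length in range(1, max_len + 1):
        for middle in range(1 << max(length - 2, 0)):
            body = 1 if length == 1 else (1 << (length - 1)) | (middle << 1) | 1
            out.update(body << s for s in range(N - length + 1))
    return sorted(out)


def undetected(block, invert, patterns):
    """Count error patterns that the receiver would wrongly accept."""
    return sum(accept(block ^ e, invert) for e in patterns)


def slipped(block, k, idle=1):
    """Frame seen when reception starts k bits early: k idle-line bits, then
    the first N-k bits of the real block (a simplified model of sync slip)."""
    fill = ((1 << k) - 1 if idle else 0) << (N - k)
    return fill | (block >> k)


def false_accepts(k, invert, idle=1):
    """Of 4096 constructed messages, how many pass after a k-bit sync slip."""
    return sum(accept(slipped(encode(BASE | data, invert), k, idle), invert)
               for data in range(1 << 12))


if __name__ == "__main__":
    sample = encode(BASE | 0x7C3, invert=True)
    print("1/2-bit errors missed:", undetected(sample, True, random_error_patterns()))
    print("bursts <= 5 missed:   ", undetected(sample, True, burst_patterns()))
    print("slip  plain  inverted")
    for k in range(1, R + 1):
        print(f"{k:>4} {false_accepts(k, False):>6} {false_accepts(k, True):>9}")
```

Under these assumptions a plain cyclic code accepts a k-bit slipped frame whenever the k dropped check bits happen to match the idle line, so a one-bit slip passes for half of all messages, while the inverted code holds false acceptance to at most 1 in 2^5.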
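Added example (not part of the original article): the select-before-operate sequence of Figure 5 as a small RTU and master model, showing that a single undetected error in the select or the execute message does not operate a device. The function code values, the class and function names, and the one-bit address corruption are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed function code values; the article defines the fields, not their encoding.
SELECT, CHECKBACK, EXECUTE, EXECUTE_ACK, REJECT = 1, 2, 3, 4, 15


@dataclass(frozen=True)
class Msg:
    function: int
    address: int                     # control address: device or setpoint to control
    setpoint: Optional[int] = None   # carried by select and checkback only


class Rtu:
    def __init__(self):
        self.armed = None            # (address, setpoint) held by the point selection logic
        self.operated = []           # control actions actually initiated

    def receive(self, msg):
        if msg.function == SELECT:
            self.armed = (msg.address, msg.setpoint)
            # The checkback reports what the RTU selected, not an echo of its input.
            return Msg(CHECKBACK, *self.armed)
        if msg.function == EXECUTE and self.armed and self.armed[0] == msg.address:
            address, setpoint = self.armed
            self.armed = None        # one select authorises one operation
            self.operated.append((address, setpoint))
            return Msg(EXECUTE_ACK, address)
        self.armed = None            # anything unexpected cancels the selection
        return Msg(REJECT, msg.address)


def master_control(link, address, setpoint):
    """Run the four-message sequence; link(msg) delivers msg and returns the reply."""
    checkback = link(Msg(SELECT, address, setpoint))
    if checkback != Msg(CHECKBACK, address, setpoint):
        return "aborted: checkback mismatch"     # the execute message is never sent
    ack = link(Msg(EXECUTE, address))
    return "operated" if ack == Msg(EXECUTE_ACK, address) else "failed: no execute acknowledge"


def corrupting_link(rtu, function):
    """Channel that flips one address bit in master-to-remote messages of one type,
    standing in for an error the security code failed to detect."""
    def link(msg):
        if msg.function == function:
            msg = Msg(msg.function, msg.address ^ 1, msg.setpoint)
        return rtu.receive(msg)
    return link


def run_scenarios():
    """Return {scenario: (master result, devices the RTU operated)}."""
    results = {}
    for name, bad in (("clean", None), ("bad select", SELECT), ("bad execute", EXECUTE)):
        rtu = Rtu()
        link = rtu.receive if bad is None else corrupting_link(rtu, bad)
        results[name] = (master_control(link, 17, 900), rtu.operated)
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(name, outcome)
```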