DNP3

DNP3 (Distributed Network Protocol) is a set of communications protocols used between components in process automation systems. Its main use is in utilities such as electric and water companies. Usage in other industries is not common. It was developed for communications between various types of data acquisition and control equipment. It plays a crucial role in SCADA systems, where it is used by SCADA Master Stations (aka Control Centers), Remote Terminal Units (RTUs), and Intelligent Electronic Devices (IEDs). It is primarily used for communications between a master station and RTUs or IEDs. ICCP, the Inter-Control Center Communications Protocol (a part of IEC 60870-6), is used for inter-master station communications.

History

While IEC 60870-5 was still under development and had not been standardized, there was a need to create a standard that would allow interoperability between various vendors' SCADA components for the electrical grid. Thus, in 1993, GE-Harris Canada (formerly known as Westronic, Inc.) used the partially completed IEC 60870-5 protocol specifications as the basis for an open and immediately implementable protocol that specifically catered to North American requirements. The protocol is designed to allow reliable communications in the adverse environments that electric utility automation systems are subjected to, being specifically designed to overcome distortion induced by EMI, aging components (their expected lifetimes may stretch into decades), and poor transmission media.

Security

Although the protocol was designed to be very reliable, it was not designed to be secure from attacks by hackers and other malevolent forces that could potentially wish to disrupt control systems to disable critical infrastructure.

Because smart grid applications generally assume access by third parties to the same physical networks and underlying IP infrastructure of the grid, much work has been done to add Secure Authentication features to the DNP3 protocol. The DNP3 protocol is now compliant with IEC 62351-5. Some vendors implement elliptic curve cryptography which the US NSA considers sufficient to protect information as "top secret" with only 384 bits. Implementation of ECC over DNP3 is not very widespread yet.

The DNP3 protocol is also referenced in IEEE Std. IEEE 1379-2000, which recommends a set of best practices for implementing modern SCADA Master-RTU/IED communication links. These include not just encryption but other practices that enhance security against well known intrusion methods.

Technical details

The DNP3 protocol has significant features that make it more robust, efficient, and self compatible than older protocols such as Modbus, at the cost of somewhat higher complexity.

DNP3 is, in standard networking terms, mostly a layer 2 protocol. It provides multiplexing, data fragmentation, error checking, link control, prioritization, and layer 2 addressing services for user data. The DNP3 frame strongly resembles, but is not identical to the FT3 frame. It makes heavy use of Cyclic redundancy check codes to detect errors.

The improved bandwidth efficiency is accomplished through event oriented data reporting. The Remote Terminal Unit is initially interrogated with what DNP3 terms a "Class 0 poll." This causes the RTU to send all static point data to the Master station. Then, as the data points generate events, these events can be placed in one of three buffers whose status is reported on every Remote Terminal Unit response. If there is data in that buffer, the buffer data flag is set. The Master can then see that there should be event data to be retrieved when issuing a poll for Class 1, Class 2, or Class 3. In other words, after a Class 0 poll, only significant data changes are sent. This can result in significantly more responsive data retrieval than polling everything, all the time, irrespective of whether it has changed significantly.

The Remote Terminal Unit can also be configured to spontaneously report Class 1, 2, or 3 data, when it becomes available.

The DNP3 protocol supports time synchronization with an RTU. The DNP Protocol has time stamped variants of all point data objects so that even with infrequent RTU polling, it is still possible to receive enough data to reconstruct a sequence of events of what happened in between the polls.

The DNP3 protocol has a substantial library of common point-oriented objects. The focus of this extensive library was to eliminate the need for bit-mapping data over other objects, as is often done in many Modbus installations. For example, floating point number variants are available, so there is no need to map the number on to a pair of 16 bit registers. This improves compatibility and eliminates problems such as Endianness.

A Remote Terminal Unit for the DNP3 protocol can be a very small, simple embedded device, or it can be a very large, complex rack filled with equipment. The DNP User Group has established four levels of subsets of the protocol for RTU compliance. The DNP Users Group has published test procedures for Levels 1 and 2, the simplest implementations.

While this protocol is robust, efficient, compatible, and secure; it is getting more and more complex and subtle as it ages. While this is partly due to more demanding industrial applications, it is also a reflection that SCADA concepts are not as simple as they might first seem. The goal of compatibility, seems more and more elusive as issues emerge from field experience.

IEEE Standardisation

The IEEE adopted DNP3 as IEEE Std 1815-2010 on the 23rd of July 2010^[1]. IEEE Std 1815 was co-sponsored by the Transmission and Distribution Committee and Substations Committee of the IEEE Power & Energy Society, with additional input from the DNP Users Group.

Open source implementations

• master/slave/testset licensed under Apache 2.0

External links

• DNP Users Group
• Web-based DNP3 Protocol Information and Training
• Training on DNP3 Protocol

References