Overview of SCADA Implementationwith VaultGard and DNP3

DNP3

Distributed Networking Protocol 3.0

DNP3: 5 D's

● Devices● Data● Details● Deployment● Debugging

Devices

SCADAMasters

VaultGard VaultGard

MPCVARMS

NPServe

MPCVARMS

NPServe

MPCVARMS

NPServe

MPCVARMS

NPServeMPCVARMS

NPServe

MPCVARMS

NPServe

MPCVARMS

NPServe

MPCVARMS

NPServeMPCVARMS

NPServe

MPCVARMS

NPServe

MPCVARMS

NPServe

MPCVARMS

NPServeMPCVARMS

NPServe

MPCVARMS

NPServe

MPCVARMS

NPServe

MPCVARMS

NPServe

PI

SCADAMasters

SCADAMasters

ControlRoom

Devices: SCADA Masters

● SCADA Masters and VaultGard facilitate the flow of data from the End Devices to the Control Room and PI

● There are typically multiple SCADA Masters for backup purposes

● Usually only one SCADA Master talks to VaultGard at a time, with fail rollovers to the backup

Devices: End Devices

● Provide raw measurements data– Voltages

– Contact readings

● Provide outputs– Initiate trips or closes

– Toggle maintenance mode

● Time keeping: some devices have internal clocks● Configuration

– Configuration is generally not done via DNP

– Setpoints are generally interdependent and complicated to properly configure

Devices: Virtual Device

● A Virtual Device is how VaultGard organizes and represents the data it collects from the end devices.

● The SCADA Master talks to the Virtual Device on its DNP address.

● In theory, the SCADA Master does not need to know what actual devices are under the VaultGard; it need only understand the Virtual Device.

● In practice, it would take a great deal of standardization between end device manufacturers to realize this abstraction.

Data Points: Types

● Digital Inputs– Breaker Closed

● Analog Inputs– Voltages

● Counters– Operations Counter

Digital Outputs– ROBO

● Analog Outputs– Set operations

counter

Data Points: Organization

● Object Groups are types of Data– 1: Digital Inputs

– 30: Analog Inputs, etc.

● Point Index– Each data point has an index within its group

● A Virtual Device ● Device Addressing Schemes

– Concentration: Reduces communication overhead on SCADA Master

– The SCADA Master talks to VaultGard via DNP Addresses● Address per VaultGard (1 address, all devices)● Address per Vault (1 address for all protectors in a vault; multiple Vaults)● Address per Protector (1 address per Protector; multiple Protectors)● Address per Device

● Recommendation: a virtual address per Vault

Data Points: Events

● Events represent changes in Data– Digital: Turns on or off

– Analog: Measurement goes outside a deadband; referenced against a previously read value

– Counter: Any change up/down

– A reading of any type changes from an invalid to valid value; or vice versa

● Timestamps– VaultGard can report with or without timestamps

● Strongly recommend using timestamps on event data

Details: Event Organization

● Event reporting is organized by assigning data points to classes– Three classes: 1, 2, or 3

– There is no inherent significance to the numbers; they merely help organize

– The SCADA Master may make individual requests per class

– If using more than 1 class, then timestamps must be used to accurately reconstruct the sequence of events

● Organize event data by how frequently it is polled

Details: Timestamps

● Representation:– VaultGard internally keeps UTC (Zulu) timezone

– PI or SCADA Master offset to local/daylight savings time

● Synchronization:– DNP can synchrone time between SCADA Master and

VaultGard

– Some SCADA Masters are broken and download local time instead of UTC!

● Ideally VaultGard uses NTP for time synchronization

Details: Analog Values

● VaultGard sends up analog values in 2 ways:– Floating point:

● e.g. 4.2 x 10-2 ,, 1.23 x 104

● Floating point inherently accommodates decimal values● 32-bit floating point gives 6 digits of precision

– Integer:● Works well for values with no decimals● Decimal accommodation requires scale factors of 10● e.g. Power factor must be scaled by 100

● Choose floating point. Scale factors add complexity!

Details: Deadbands

● VaultGard keeps an internal reference per analog input– If the abs(current reading – reference) >= deadband

– then VaultGard will record a change event and update the reference

– Deadbands are specified as absolute values● e.g. Current phase A deadband is 20 amps. The reference reading is 800

amps. A reading of 820 or 780 will trigger a change event.

● Deadbands must be determined empirically and may vary by vault

● Do not set deadbands to 0 or make them too small;

This will flood VaultGard's internal buffers

Details: Digital Controls

● Termed CROB in DNP lingo– Control Relay Output Block

● May be a PULSE or a LATCH– Pulses technically require an “on time” and an “off time”

● Examples:– PULSE: Initiating a Remrack operation

– PULSE: Requesting close on Primary Switch

– LATCH: Toggling ARMS Maintenance mode

– LATCH: Block Open

● Carefully evaluate your SCADA master's control capabilities

Deployment: Communications

● Communications Port– Ethernet– RS-485 Port

● Communications Link– Radio

– Fiber

● Prefer Ethernet for remote access to VG UI● Prefer Fiber to Radio; radio requires much more tuning

of packet sizes, etc.

Deployment: SCADA Profiles

● Profiles map raw data to DNP points– Data representation

● Floating point/integral● Scale factors

– Timestamp usage

– Controls: PULSE or LATCH

● VaultGard ships with profiles allowing a Virtual address per device● The upcoming VISON release will allow for user creation of more

complex SCADA Profiles● You can download a corresponding DNP XML document from the

VaultGard UI

Deployment: SCADA Virtuals

● SCADA Virtuals incorporate the following– Organize data according to a single SCADA profile– Identify from which devices data is retrieved

– Defines DNP addresses between VaultGard and Master– Holds the deadbands

– Holds the class event organization

● Use SCADA Prototypes as a way to make templates for deadbands and class events.

Deployment: Security

● IPSec ensures the following:– DNP data is confidential via encryption

– DNP controls are authorized via authenticity

● Usage of IPSec is transparent to DNP and does not require extra features from the SCADA Master

● Recommend fully debugging before securing

Debugging: Method

● DNP communication issues are resolved with sniffer captures– Capture communications from the Master side

– Capture communications from the VaultGard side via the VaultGard UI

– Capture communications from the Ethernet link using Wireshark

– Capture communications from RS485 using ASE tools or TMW Test Harness

Debugging: TCP Communications

● Symptom: VaultGard is not responding to Master or connection drops out– Cause: Link Status Request is not enabled on

VaultGard– Cause: Link Status Request time does not exceed

maximum time between polling requests– Cause: SCADA Master's IP is not on VaultGard's

accept list

– Cause: SCADA Master attempts to communicate with non-existent Virtual Address on VaultGard

Debugging: Invalid Data

● Symptom: Data coming from VaultGard is invalid– Cause: The SCADA Master does not support a

certain DNP feature● Examples: floating point, pulse controls, timestamps

– Cause: Data is mismapped in protocol

– Cause: Offline points are caused by noncommunicating devices or unmapped entries in the Virtual

Debugging: Controls

● Symptom: Control does not activate– Cause: Mismatch between PULSE and LATCH

– Cause: Not using the SELECT-OPERATE function

– Cause: Communications latency exceeds SELECT-OPERATE timeout