Category Archives: Uncategorized

IEC 62439

Denne samlingen protokoller ser ut til å være rettet mot “redundancy” for generelle kontrollnettverk.

Her er en video hos YouTube: Video

Det kan se ut som at videoen på YouTube bare dekker en standard i en mer generell samling med standarder.

Og her er en dialogen med ChatGPT:

What is the IEC 62439?

IEC 62439 is an international standard that pertains to redundancy protocols for industrial automation and control systems. Specifically, it focuses on the development and implementation of High Availability (HA) and Fault Tolerant (FT) communication networks in industrial settings. The International Electrotechnical Commission (IEC) is responsible for creating and maintaining this standard.

IEC 62439 is divided into several parts, each of which addresses different aspects of redundancy and fault tolerance in industrial networks. Some of the key parts include:

  1. IEC 62439-1: General Concepts and Overview
    • This part provides an introduction to the concept of high availability and fault tolerance in industrial communication networks.
  2. IEC 62439-2: Ring Network
    • Focuses on redundancy mechanisms for Ethernet-based ring topologies commonly used in industrial networks.
  3. IEC 62439-3: Parallel Redundancy Protocol (PRP)
    • Specifies the Parallel Redundancy Protocol, a standardized method for achieving zero-time switchover between redundant network paths.
  4. IEC 62439-4: High-availability Seamless Redundancy (HSR)
    • Covers the High-availability Seamless Redundancy protocol, which is used to provide fault tolerance in Ethernet networks by enabling rapid network recovery.
  5. IEC 62439-5: Media Redundancy Protocol (MRP)
    • Describes the Media Redundancy Protocol, which is used for redundancy in ring topologies and provides a way to ensure network resilience.
  6. IEC 62439-6: Configuration Profiles
    • Provides guidelines for configuring devices and networks according to the IEC 62439 standards.

These standards are particularly important in critical industrial applications where network failures can have serious consequences, such as manufacturing automation, power distribution, transportation systems, and more. By implementing redundancy and fault tolerance mechanisms defined in IEC 62439, organizations can improve the reliability and availability of their industrial communication networks.

Please note that standards may evolve over time, and new revisions or updates may have been released after my last knowledge update in September 2021. Therefore, it’s a good practice to check the latest version of the standard for the most up-to-date information.

 

IEC 61850

Dette ser ut til å være en protokoll rettet mot “power sub stations” for å ivareta funksjonalitet og sikkerhet først og fremst i forbindelse med smart grids.

En video hos Youtube med litt beskrivelse: Video

En dialog med ChatGPT:

What is IEC 61850?

IEC 61850 is an international standard for the design and operation of substation automation and communication systems in the field of electric power generation, transmission, and distribution. The International Electrotechnical Commission (IEC) developed this standard to provide a common framework for the integration of various devices and systems within a substation and across different substations, enabling more efficient and reliable electrical power systems.

Key features and components of IEC 61850 include:

  1. Data Models: IEC 61850 defines standardized data models and communication protocols for describing and exchanging information about power system equipment, such as transformers, circuit breakers, relays, and meters. These data models are based on the Common Information Model (CIM).
  2. Communication Protocols: The standard specifies Ethernet-based communication protocols, including the Manufacturing Message Specification (MMS) and Generic Object Oriented Substation Events (GOOSE) for real-time data exchange. It also includes Sampled Measured Values (SMV) for transmitting high-speed sampled data.
  3. Substation Configuration Language (SCL): IEC 61850 uses SCL to define and describe the configuration of substation devices and their communication relationships. This allows for consistent and automated configuration of devices and systems.
  4. Logical Nodes: Devices in a substation are represented using logical nodes, each of which performs specific functions and provides standardized services. Examples include the protection and control logical nodes.
  5. Engineering Process: IEC 61850 defines guidelines and processes for the engineering, configuration, testing, and maintenance of substation automation systems. These guidelines help ensure interoperability between devices from different manufacturers.
  6. Interoperability: One of the primary goals of IEC 61850 is to enable interoperability between devices and systems from different vendors. This helps utilities choose the best components for their needs and avoid vendor lock-in.
  7. Cybersecurity: The standard includes provisions for securing communication and data exchange within substation automation systems, which is crucial in protecting critical infrastructure from cyber threats.

IEC 61850 has become widely adopted in the electric power industry because it simplifies the integration of various devices and systems, reduces engineering and maintenance costs, and enhances the reliability and flexibility of power system operations. It plays a significant role in modernizing and improving the efficiency of electrical grids and substations.

 

Time protocols

There are a few time protocols commonly used for synchronizing time on a network. The most widely used protocols include:

  1. Network Time Protocol (NTP): NTP is one of the oldest and most widely used time synchronization protocols. It is designed to synchronize time across a network by exchanging time information between NTP servers and clients. NTP can achieve high accuracy and is commonly used in various types of networked devices.
  2. Precision Time Protocol (PTP): PTP is a more advanced and accurate time synchronization protocol compared to NTP. It is often used in applications that require extremely precise time synchronization, such as industrial automation and financial trading systems. PTP uses hardware timestamping and more elaborate algorithms to achieve sub-microsecond synchronization.
  3. Simple Network Time Protocol (SNTP): SNTP is a simplified version of NTP that offers basic time synchronization capabilities. It is commonly used in situations where high accuracy is not necessary, and simplicity and low resource consumption are valued.

These protocols help ensure that devices on a network have consistent and accurate time, which is crucial for various applications that rely on synchronized timekeeping, such as distributed systems, network security, and logging.

Can time protocols be filtered in a firewall?

Yes, time protocols can be filtered in a firewall. Firewalls are network security devices that monitor and control incoming and outgoing network traffic based on predefined rules. These rules can include filtering based on protocols, such as NTP, PTP, or SNTP.

To filter time protocols in a firewall, you can define rules that allow or deny traffic based on the specific protocol used for time synchronization. For example, you can create a rule to allow NTP traffic from trusted NTP servers while blocking any other NTP traffic originating from other sources. Similarly, you can configure rules to allow or block traffic for PTP or SNTP protocols based on your network security requirements.

By filtering time protocols in a firewall, you can control which devices are allowed to synchronize time with external time servers or restrict access to internal time servers. This can help enhance network security and prevent unauthorized time synchronization.

Why do you use time protocols in a network?

Time protocols are used in a network for several important reasons:

  1. Time synchronization: Time protocols ensure that all devices within a network have a consistent and accurate understanding of time. This is crucial for various network operations and applications that rely on synchronized time, such as logging, authentication, transaction sequencing, and coordination of distributed systems.
  2. Network operations and troubleshooting: Accurate time synchronization helps network administrators effectively monitor and troubleshoot network issues. By having synchronized timestamps on log files and network events, it becomes easier to correlate events, identify the sequence of events, and analyze the root cause of issues.
  3. Security and authentication: Many security mechanisms and protocols rely on accurate timekeeping to ensure proper authentication and authorization. For example, digital certificates and Kerberos authentication both depend on accurate time synchronization to prevent replay attacks and maintain the integrity of cryptographic operations.
  4. Compliance and auditing: In various industries, regulatory standards and compliance requirements necessitate accurate and auditable time synchronization. Time protocols help organizations demonstrate compliance with regulations and facilitate accurate timestamps for auditing purposes.
  5. Coordination of distributed systems: Distributed systems, such as cloud computing environments or geographically dispersed servers, require synchronized time to ensure proper coordination and consistency. Time protocols enable these systems to have a common time reference, facilitating tasks like distributed data replication, transaction management, and distributed database consistency.

Overall, time protocols play a critical role in maintaining network operations, security, compliance, and coordination within a networked environment.

Does windows use a time protocol?

Yes, Windows operating systems use a time protocol called Network Time Protocol (NTP) for time synchronization. NTP is the default time synchronization protocol used by Windows to ensure accurate timekeeping across Windows-based devices.

Windows operating systems, starting from Windows 2000 and newer versions, include the Windows Time service (also known as W32Time), which is responsible for time synchronization. The Windows Time service uses NTP to synchronize the local system time with a reference time source, which can be either an external NTP server on the internet or an internal time server within the network.

By default, Windows systems are configured to synchronize time with Microsoft’s NTP server time.windows.com. However, you can configure Windows to synchronize with different NTP servers if desired, either manually or through Group Policy settings in an Active Directory domain.

The Windows Time service periodically contacts the configured NTP server(s) to obtain accurate time information and adjusts the local system time accordingly. This helps ensure that Windows-based devices have synchronized and accurate time, which is important for various system operations, network communication, security, and other time-dependent applications running on Windows.

Does Operational Technlogy use a time protocol?

Yes, Operational Technology (OT) often utilizes time protocols for synchronization and coordination purposes. The precise timekeeping and synchronization of devices in OT systems are crucial for maintaining accurate and coordinated operations.

One widely used time protocol in OT is the Network Time Protocol (NTP). NTP is a networking protocol designed to synchronize clocks of computers over a network. It enables OT devices to maintain a common time reference by periodically adjusting their clocks based on time signals received from NTP servers.

Another time protocol commonly used in OT is the Precision Time Protocol (PTP), also known as IEEE 1588. PTP is a more precise and accurate time synchronization protocol, specifically designed for high-speed and real-time systems. It allows OT devices to achieve sub-microsecond synchronization within a network.

Both NTP and PTP play vital roles in ensuring accurate timekeeping and synchronization within Operational Technology environments, facilitating efficient and coordinated operations.

Formelle krav i fohold til OT system og nettverk.

Krav til personellkompetanse.

Tekniske krav til uførelse av bygningsinstallasjoner.

Tekniske krav til Ekominstallasjoner:

Tekniske krav til Maskiner med elektriske installasjoner.

Krav tilteknisk utstyr.

Tekniske og funksjonelle krav om cybersikkerhet.

Dette er jo bre en oppsummering av mest setrale og det viktigste. Det finnes jo mange flere bransjerettede krav og også mange flere krav som går på detaljniå. Når man jobber som elektrofaglig og/eller automasjonsfalgig ansvarlig i en bedrift så er noe av kravet at man kan regelverket godt og at man kan vurdere og forebygge all risiko ut i fra en helhetlig situasjonsforståelse.

En av de grunnprinsippene som man, eller i alle fall jeg har pleid å jobbe ut i fra, det er at man har en fortløpende dialog med tilsyns/fagmyndigheter og leverandører og at man dokumenterer alle arbeider ut i fra det som leveres av dokumentasjon fra leverandørene og den dokumenasjon som man utarbeider selv.

Risikovurdering og forebyggelse av risiko i forbindelse med Cyberangrep må skje ut i fra en helhetsvurdering og ut i fra summen av alle risiko og krav til sikkerhet, til sammen.