Supported ASDU types identification in protocols of the IEC 60870-5-104 and IEC 60870-5-101 standards

This section presents the ASDU types identification that are supported in Kaspersky Industrial CyberSecurity for Networks (see the table below). The listed types of frames are processed during Deep Packet Inspection on devices that interact over protocols of the IEC 60870-5-104 and IEC 60870-5-101 standards.

Types of frames in protocols of the IEC 60870-5-104 and IEC 60870-5-101 standards

Frame type ID

Operation

Description

Type of main value / system commands

1. Process information in the monitoring direction

<1>

M_SP_NA

Single-point information

bool (0 – OFF, 1 – ON)

<2>

M_SP_TA

Single-point information (with time tag)

bool (0 – OFF, 1 – ON)

<3>

M_DP_NA

Double-point information

unsigned int8 (0 – Indeterminate or intermediate, 1 – OFF, 2 – ON, 3 – Indeterminate)

<4>

M_DP_TA

Double-point information (with time tag)

unsigned int8 (0 – Indeterminate or intermediate, 1 – OFF, 2 – ON, 3 – Indeterminate)

<5>

M_ST_NA

Step position information

int8 (-64 ... +64)

<6>

M_ST_TA

Step position information (with time tag)

int8 (-64 ... +64)

<7>

M_BO_NA

String of 32 bits

unsigned int32

<8>

M_BO_TA

String of 32 bits (with time tag)

unsigned int32

<9>

M_ME_NA

Measured value, normalized value

float

<10>

M_ME_TA

Measured value, normalized value (with time tag)

float

<11>

M_ME_NB

Measured value, scaled value

float

<12>

M_ME_TB

Measured value, scaled value (with time tag)

float

<13>

M_ME_NC

Measured value, short floating point number

float

<14>

M_ME_TC

Measured value, short floating point number (with time tag)

float

<15>

M_IT_NA

Integrated total

int32

<16>

M_IT_TA

Integrated total (with time tag)

int32

<17>

M_EP_TA

Event of protection equipment (with time tag)

unsigned int8 (0 – Indeterminate, 1 – OFF, 2 – ON, 3 – Indeterminate)

<18>

M_EP_TB

Packed start events of protection equipment (with time tag)

unsigned int8 (Set of bits in accordance with the standard)

<19>

M_EP_TC

Packed output circuit information of protection equipment (with time tag)

unsigned int8 (Set of bits in accordance with the standard)

<20>

M_PS_NA

Packed single-point information with status change detection

unsigned int16

<21>

M_ME_ND

Measured value, normalized value without quality descriptor

float

<30>

M_SP_TB

Single-point information (with time tag CP56Time2a)

bool (0 – OFF, 1 – ON)

<31>

M_DP_TB

Double-point information (with time tag CP56Time2a)

unsigned int8 (0 – Indeterminate or intermediate, 1 – OFF, 2 – ON, 3 – Indeterminate)

<32>

M_ST_TB

Step position information (with time tag CP56Time2a)

int8 (-64 ... +64)

<33>

M_BO_TB

String of 32 bits (with time tag CP56Time2a)

unsigned int32

<34>

M_ME_TD

Measured value, normalized value (with time tag CP56Time2a)

float

<35>

M_ME_TE

Measured value, scaled value (with time tag CP56Time2a)

float

<36>

M_ME_TF

Measured value, short floating point number (with time tag CP56Time2a)

float

<37>

M_IT_TB

Integrated totals (with time tag CP56Time2a)

int32

<38>

M_EP_TD

Event of protection equipment (with time tag CP56Time2a)

unsigned int8 (0 – Indeterminate, 1 – OFF, 2 – ON, 3 – Indeterminate)

<39>

M_EP_TE

Packed start events of protection equipment (with time tag CP56Time2a)

unsigned int8 (Set of bits in accordance with the standard)

<40>

M_EP_TF

Packed output circuit information of protection equipment (with time tag CP56Time2a)

unsigned int8 (Set of bits in accordance with the standard)

2. Process information in the control direction

<45>

C_SC_NA

Single command

bool (0 – OFF, 1 – ON)

<46>

C_DC_NA

Double command

unsigned int8 (0 – Unauthorized, 1 – OFF, 2 – ON, 3 – Unauthorized)

<47>

C_RC_NA

Regulating step command

unsigned int8 (0 – Unauthorized, 1 – Next step UP, 2 – Next step DOWN, 3 – Unauthorized)

<48>

C_SE_NA

Setpoint command, normalized value

float

<49>

C_SE_NB

Setpoint command, scaled value

float

<50>

C_SE_NC

Setpoint command, short floating point number

float

<51>

C_BO_NA

String of 32 bits

int32

<58>

C_SC_TA

Single command (with time tag CP56Time2a)

bool (0 – OFF, 1 – ON)

<59>

C_DC_TA

Double command (with time tag CP56Time2a)

unsigned int8 (0 – Unauthorized, 1 – OFF, 2 – ON, 3 – Unauthorized)

<60>

C_RC_TA

Regulating step command (with time tag CP56Time2a)

unsigned int8 (0 – Unauthorized, 1 – Next step UP, 2 – Next step DOWN, 3 – Unauthorized)

<61>

C_SE_TA

Setpoint command, normalized value (with time tag CP56Time2a)

float

<62>

C_SE_TB

Setpoint command, scaled value (with time tag CP56Time2a)

float

<63>

C_SE_TC

Setpoint command, short floating point number (with time tag CP56Time2a)

float

<64>

C_BO_TA

String of 32 bits (with time tag CP56Time2a)

int32

3. System information in the monitoring direction

<70>

M_EI_NA

End of initialization

END OF INITIALIZATION system command

4. System information in the control direction

<100>

C_IC_NA

Interrogation command

INTERROGATION system command

<101>

C_CI_NA

Counter interrogation command

COUNTER INTERROGATION system command

<102>

C_RD_NA

Read command

READ system command

<103>

C_CS_NA

Clock synchronization command

CLOCK SYNCHRONIZATION system command

<104>

C_TS_NA

Test command

TEST system command

<105>

C_RP_NA

Reset process command

RESET PROCESS ACTIVATION / RESET PROCESS CONFIRMATION system commands

<106>

C_CD_NA

Delay acquisition command

DELAY ACQUISITION system command

<107>

C_TS_TA

Test command (with time tag CP56Time2a)

TEST WITH TIME TAG system command

5. Parameters in the control direction

<110>

P_ME_NA

Parameter of measured value, normalized value

float

<111>

P_ME_NB

Parameter of measured value, scaled value

float

<112>

P_ME_NC

Parameter of measured value, short floating point number

float

<113>

P_AC_NA

Parameter activation

PARAMETER ACTIVATION system command

6. File transfer

<120>

F_FR_NA

File ready

Not processed

<121>

F_SR_NA

Section ready

Not processed

<122>

F_SC_NA

Call directory, select file, call file, call section

CALL DIRECTORY, SELECT FILE, CALL FILE, CALL SELECTION system command

<123>

F_LS_NA

Last section, last segment

Not processed

<124>

F_AF_NA

ACK file, ACK section

Not processed

<125>

F_SG_NA

Segment

Not processed

<126>

F_DR_TA

Directory

Not processed

Page top