vPAC Demo with RTDS
Experience the forefront of Protection, Automation, and Control innovation at DISTRIBUTECH International® 2024. Join us for a unique live demonstration showcasing centralized protection schemes, constructed around the IEC 61850 standard, operating in a virtual environment on a unified hardware platform, and tested in real-time with hardware-in-the-loop. Gain insights into harnessing world-class simulators from RTDS to validate cutting-edge applications developed by ABB. Stress-test hardware and networks with the assurance of reliability from Advantech and Moxa before commencing construction.
Don’t miss the opportunity to attend a presentation at DISTRIBUTECH International® 2024, where Tesco Automation and the vPAC Alliance will share insights into the groundbreaking work being undertaken in this field. Visit Tesco Automation/Advantech at Booth #3463 (adjacent to the DNP3 User Group booth) to learn more about becoming a vPAC Alliance member and witness a live vPAC demonstration using IEC 61850-based hardware-in-the-loop (HIL) testing.
Tesco is proud to be a member of the international vPAC Alliance, which will be meeting at DISTRIBUTECH International® to make a major press release. The Alliance has several working groups defining requirements, such as applications, computing hardware, lifecycle management, etc., and some of this work is coming to fruition. The live vPAC demonstration at Booth #3463 will be the only one on the floor with a virtualized protection and RTDS-based testing environment.
How DNP3-SAv6 and AMP Meet OT Security Requirements Like Nothing Else Does
By: Grant Gilchrist
The DER and SCADA environment is especially challenging for implementing security because it consists of mixed networks with both IP-based and serial segments. The serial links are typically low-bandwidth, often very unreliable and sometimes pay-per-byte. The devices on SCADA networks typically have limited processing power. SCADA networks are hierarchical, and the serial portions typically have no routing layer at network nodes. Devices typically only have access to authentication servers at the top of the hierarchy, not within substations or on pole-tops, and often do not have access to accurate time synchronization.
Typical IT security solutions do not address the requirements of the SCADA environment. Their authentication and encryption extend only to the borders of the IP portions of the network and do not reach the serial end devices. Neither TLS nor IPsec is well-suited for low-bandwidth or low-processing-power environments. Most SCADA field devices cannot reach an authentication server.
DNP3-SAv6 and AMP work in a mixed IP/serial network because all messaging is at the application layer. Security is always end-to-end rather than site-to-site regardless of whether routers, terminal servers or gateways are used. These protocols meet the requirements for reduced processing through an emphasis on symmetric and/or elliptic curve cryptography for authentication and encryption. The design limits the amount of messaging overhead through encoding choices and the use of report-by-exception rather than periodic request-response. Accurate time synchronization is not required to protect against replay attacks.
Using DNP3-SAv6 and AMP, users can add devices to the secure network by authorizing the certificates that the devices create automatically, without a human seeing the keys. The central AMP Authority can make use of a utility’s existing root CA while acting as an intermediate CA for the SCADA system, and it can revoke credentials promptly without using CRLs.
Presenter: Grant Gilchrist, P. Eng., Tesco Automation
Date: Feb 28, 2024
Time: 3:30 PM – 4:00 PM
Track: Cyber and Physical Security
We look forward to seeing you at DISTRIBUTECH International®, February 26-29, 2024. Find us at the Tesco Automation/Advantech booth, #3463!