DNP3 — telemetry SCADA with unsolicited responses
DNP3 (Distributed Network Protocol, IEEE 1815) is the workhorse of substation telemetry and water/wastewater SCADA. Its distinctive trait, visible in the animation, is the unsolicited response: the outstation pushes event data spontaneously, without waiting for a poll. The animation marks these messages with an amber UNSOLICITED label.
Engineering pitfalls
Class-0/1/2/3 event-data overflow
If the outstation collects more events than its buffer can hold between polls, the master gets a partial dataset. Always set unsolicited mode for Class-1/2/3 events; reserve polls for Class-0 static data only.
Confirm-on-data vs select-before-operate
DNP3 SBO (Select-Before-Operate) is mandatory for control outputs. Skip the Select and you'll get a Direct Operate, which removes the safety checkpoint. Audit your control sequence logs quarterly.
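One way to run the control-sequence audit described above, as an added example that is not part of the original page. It assumes the log yields one reassembled application-layer request fragment per record as hex; the record layout, the `audit_controls` name and the 10 s select timeout are assumptions, and the sample fragments are constructed.

```python
from collections import namedtuple

# Application-layer request function codes (IEEE 1815)
SELECT, OPERATE, DIRECT_OPERATE, DIRECT_OPERATE_NR = 0x03, 0x04, 0x05, 0x06
SELECT_TIMEOUT_S = 10.0  # assumption: set to the outstation's configured select timeout
Finding = namedtuple("Finding", "ts master outstation issue")

def audit_controls(records):
    """records: (ts_seconds, master, outstation, fragment_hex) in time order (hypothetical layout)."""
    pending = {}   # (master, outstation) -> (ts, seq, object bytes) of the open Select
    findings = []
    for ts, master, outstation, frag_hex in records:
        frag = bytes.fromhex(frag_hex)
        if len(frag) < 2:
            continue                       # no application header to inspect
        seq, fc, objects = frag[0] & 0x0F, frag[1], frag[2:]
        key = (master, outstation)
        if fc == SELECT:
            pending[key] = (ts, seq, objects)
        elif fc in (DIRECT_OPERATE, DIRECT_OPERATE_NR):
            findings.append(Finding(ts, master, outstation, "direct-operate"))
        elif fc == OPERATE:
            sel = pending.pop(key, None)
            if sel is None:
                issue = "operate-without-select"
            elif ts - sel[0] > SELECT_TIMEOUT_S:
                issue = "operate-after-select-timeout"
            elif seq != (sel[1] + 1) % 16 or objects != sel[2]:
                issue = "operate-does-not-match-select"  # wrong sequence or altered objects
            else:
                continue                   # clean Select/Operate pair
            findings.append(Finding(ts, master, outstation, issue))
    return findings

# Constructed sample: g12v1 CROB (LATCH_ON, 100 ms on-time), qualifier 0x17, index 5 / 6.
CROB_5 = "0c01170105" + "0301" + "64000000" + "00000000" + "00"
CROB_6 = "0c01170106" + "0301" + "64000000" + "00000000" + "00"
SAMPLE = [
    (0.0, 1, 10, "c103" + CROB_5),    # Select, seq 1
    (0.4, 1, 10, "c204" + CROB_5),    # Operate, seq 2, same object: clean
    (60.0, 1, 11, "c305" + CROB_5),   # Direct Operate
    (120.0, 1, 12, "c404" + CROB_5),  # Operate with no Select
    (200.0, 1, 10, "c503" + CROB_5),  # Select index 5 ...
    (200.3, 1, 10, "c604" + CROB_6),  # ... Operate index 6
]

if __name__ == "__main__":
    for f in audit_controls(SAMPLE):
        print(f"{f.ts:8.1f}s master={f.master} outstation={f.outstation} {f.issue}")
```

The object comparison is byte-for-byte, so an Operate that changes the point index, control code or timing after the Select is reported as a mismatch rather than accepted as a valid pair.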
Time synchronisation drift
DNP3 time-stamps events at the outstation. If the outstation clock drifts more than 1 s from the master, event correlation across substations becomes useless. Pair the outstation with IRIG-B or NTP on its backplane.
Secure Authentication (SAv5) certificate rotation
IEEE 1815-2012 added SAv5 for cryptographic authentication. Certificates expire. A SAv5 deployment without a cert-rotation runbook will silently degrade to authentication failures in 2-3 years.
References
Primary sources
- IEEE 1815-2012 — Distributed Network Protocol.
- IEEE 1815.1 — Secure Authentication.
- NERC CIP-005-7 — Electronic Security Perimeters (DNP3 trust boundaries).