Would you like to know what you can do after establishing a connection via the IEC 60870-5-104 protocol? In this article, you will learn everything about the practical reading and visualization of your data.
IEC 60870-5-104 (IEC 104 for short) has been the gold standard for telecontrol in vital infrastructure, such as power plants, water management, and railways, for years. The protocol is robust and reliable, but the data is often ‘locked up’ in local SCADA systems. However, in an era of IIoT and predictive maintenance, you want to see this data not only in the control room but also on dashboards in the cloud.
How do you translate a classic industrial protocol to a modern cloud environment without compromising on cybersecurity? In this article, we explain how you can safely unlock, buffer, and visualize this data with the Remote Routers and Remote Portal.
The Challenge: Why IEC 104 is not “Cloud-Native”
The IEC 60870-5-104 protocol is designed for permanent connections over TCP/IP but dates back to a time when cybersecurity and cloud integration were not yet priorities.
Directly connecting an IEC 104 device (such as an RTU in a substation) to the public internet carries significant risks. The protocol does not natively have authentication or encryption. In addition, many cloud platforms (such as Azure or AWS) do not speak the specific language of IEC 104; they expect more modern protocols such as MQTT or HTTPs.
To make IEC 104 data secure and usable for remote monitoring, a smart intermediate layer is needed.
Step 1: The hardware gateway as translator
The basis of the solution is an industrial gateway that speaks the language of the machine. The Remote Controllers and Routers function as the IEC 104 Master.
Instead of writing complex code, you configure the router to read specific addresses (ASDUs) from the connected PLC or RTU (the Slave). Because our hardware supports the protocol natively, this is a matter of configuration rather than programming. The router retrieves the data locally and prepares it for transmission to the cloud.
Read more: View the technical specifications of the IEC 60870-5-104 protocol here >
Step 2: The secure tunnel (Cybersecurity)
Because IEC 104 itself does not support encryption, the transport layer must provide that security.
Our routers establish a fully encrypted VPN connection to the Remote platform. The vulnerable IEC 104 data is, as it were, packed in a secure tunnel. The data is unreadable to the outside world. This means that you can safely read vital assets (such as switches in a power grid) remotely without having to open ports in your firewall to the whole world.
Tip: Read more about our security standards and encryption >
Step 3: Visualization in the Remote Portal
Once the data has arrived safely on the Remote platform, it is made directly usable. You do not need expensive SCADA licenses to create a professional overview.
In the Remote Portal, you can easily build dashboards with widgets that are linked to the IEC 104 variables:
- Real-time status: See directly whether a switch is open or closed.
- Graphs: Analyze trends, such as the voltage curve of the past week.
- Alarming: Set triggers. Does a value exceed a certain level? Then the correct technicians will immediately receive a push message or e-mail.
Step 4: Forward data to another platform
Do you want to store the data for longer or use it for other purposes? Then you can forward it to another platform such as Microsoft Azure, Google, Amazon AWS, Influx, BlockBax, or your own solution.
Conclusion: from complex protocol to clear insight
Unlocking IEC 60870-5-104 data does not have to be a complex IT project. By using a specialized IIoT router that functions as a gateway, buffer, and security layer, you make old and new systems compatible.
The result? You manage your infrastructure more efficiently, prevent data loss in the event of connection problems, and guarantee the safety of your installations.
Do you want to manage your IEC 60870-5-104 equipment remotely?
Curious about what this looks like for your organization? View our routers that support this protocol as standard or request a demo of the portal environment.
