TASE 2.0 and ICCP
Telecontrol Application Service Element (TASE) 2.0 is also known as Inter Control Center Protocol (ICCP) or International Electrotechnical Commission (IEC) 60870-6, but they are more commonly referred to as ICCP. Since different vendors had their own custom and proprietary protocols, there was a need for a common protocol for communication and data exchange between different control centers. Keeping this in mind, ICCP/TASE 2.0 was designed.
Unlike Modbus, which was designed for serial communication, ICCP has been designed specifically for communication over LAN (Local Area Network) and WAN (Wide Area Network). ICCP is used in communication between different control centers, power pools, sub-stations, other utilities and non-utility generators.
The International Electrotechnical Commission (IEC) and the International Standards Organization (ISO) has adopted ICCP in the following international standard forms:
- TASE.2 Services and Protocol (IEC 60870-6-503)
- TASE.2 Object Models (IEC 60870-6-802)
- TASE.2 Application Profile (IEC 60870-6-702).
ICCP major role and functionality in an ICS/SCADA network
ICCP is chiefly used in an ICS/SCADA network for performing following functionalities:
- Connection establishment
- Reading and accessing information from the end server
- Transmission of information from one control center to another
- Notifications: Changes, alarms or if any exception condition occurs
- Remote device configuration
- Control of remote devices and operating programs
ICCP architecture and working
ICCP is a kind of client-server model protocol and widely used for client-server communication between control centers. ICCP allows the exchange of real-time data like measured values, scheduling data, operator messages and energy accounting data. The server contains application data and predefined functions for connection establishment and communication. The client issues a request to the server for reading, accessing and modifying the resource and data present on the server using ICCP protocol.
Client and server may be located in different control centers; in this case, ICCP is integrated into a control system provided via gateway product or as software for communication between different control centers. ICCP basically defines predefined communication format and syntax for smooth client-server communication and interoperability between two or more control centers. What HTTP is to the browser-server communication model for the internet, ICCP is to the client-server communication model in an ICS/SCADA network.
Although ICCP was primarily a unidirectional client/server protocol, modern implementations support bidirectional communication over the same connection line. ICCP functions at the transport layer of the ISO/OSI model (Open Systems Interconnection model) and runs on port number 102.
Authorization and access control
Since ICCP is responsible for sending and receiving data between two or more control centers, proper access control and authorization must be defined and implemented for accessing and modifying the data between two or more control centers. ICCP does this by maintaining a record in a table named “Bilateral Tables.”
A Bilateral Table implements proper rules and agreement for accessing data between two or more control centers. Whenever a new request is received for accessing the data, ICCP refers to Bilateral Tables and accordingly accepts or rejects the request based on the predefined rule sets in the table.
Like other ICS/SCADA protocols, ICCP has shortcomings when talking about security. ICCP is susceptible to session hijacking, spoofing because of following security concerns:
- No authentication and encryption: ICCP does not provide authentication and encryption. Authentication and encryption are usually managed by low-level protocols. A secure ICCP version also exists but has not been widely deployed/implemented
- Lack of security for Bilateral Tables: ICCP does not implement enough security for Bilateral Tables. If an attacker is able to access and modify the entries, he can access and modify the data of any control center
- Accessibility: Since ICCP is a Wide Area Network protocol, it makes ICCP susceptible to attacks like MITM (Man-in-the-Middle), DoS and DDoS
Security recommendations for an ICCP network
The following are the few of the guidelines for protecting a network where ICCP is being used:
- Secure ICCP should be used to prevent authentication and encryption
- Timely penetration testing should be performed for an ICCP network since a number of issues have been found in ICCP networks
- Servers should be patched, and hardening should be done
- Extra attention should be paid while implementing Bilateral Tables
- All authentication and authorization to the server should be guarded and monitored using IDS/IPS and a firewall. Digital Bond has Snort-compatible IDS signatures for detecting various attacks related to ICCP
ICCP is one of the best and most viable options currently for implementing and managing communication between two or more control centers, and it is widely being used in ICS/SCADA networks. If given a choice, ICCP should be preferred because of the interoperability between two control centers; however, all of the security concerns and issues should be properly addressed before implementation in any network.
- IEC 60870-6-593, IEC
- Inter-Control Center Communications Protocol (ICCP, TASE.2): Threats to Data Security and Potential Solutions, EPRI
- The LiveData ICCP Server: A Configuration-Driven ICCP Solution that Minimizes Code Development, LiveData
- Secure ICCP Integration Considerations and Recommendations, Sandia National Laboratories