IEC 104 News 2025: Latest Updates to IEC 60870-5-104 Standard, Security Extensions & Testing Tools

By | November 14, 2025
0 Comment

The IEC 60870-5-104 protocol remains one of the most widely implemented telecontrol standards in SCADA systems for electric power transmission and distribution. It extends IEC 60870-5-101 for operation over TCP/IP, enabling real-time data exchange between control centers and remote terminal units (RTUs).

As of November 2025, the IEC 104 base standard itself has not changed, but significant progress has occurred across security extensions, interoperability testing, and implementation practices.

State of the Standard in 2025

Edition Status

  • IEC 60870-5-104 Edition 2.0 (2006) remains the current core version.
  • Amendment 1 (2016) is still the latest modification.
  • No Edition 3.0 or amendment proposals have been announced in 2025.

This stability means utilities and vendors can maintain long-term compatibility while newer security enhancements are implemented via supplementary specifications, not by altering the protocol’s fundamental behavior.

Major 2025 Development: IEC TS 60870-5-7 Edition 2.0

On March 18, 2025, the IEC released IEC TS 60870-5-7:2025 (Edition 2.0)—the most important update connected to IEC 104 this year.

Purpose

The technical specification provides security extensions to IEC 60870-5-101 and IEC 60870-5-104 by applying IEC 62351 (the IEC’s cybersecurity framework for power systems).

Key Enhancements Introduced

  • Alignment with IEC 62351-3:2023 (Transport layer security)
  • Alignment with IEC 62351-5:2023 (Secure authentication for telecontrol protocols)
  • Detailed application and transport layer profiles for IEC 101/104 security
  • Session Initiation Request mechanism for connection reestablishment
  • Multicast security for unbalanced IEC 101 modes
  • Built-in role-based access control (RBAC) based on IEC 62351-8
  • Updated message formats for stronger integrity and authentication

What It Does Not Do

  • It does not change the IEC 104 base protocol
  • It does not require replacing existing systems
  • It acts as a security wrapper/extension, allowing gradual adoption

This makes IEC TS 60870-5-7:2025 the central cybersecurity update for utilities using IEC 104 in the near term.

Complementary Developments in Interoperability & Testing

DNV Test Register Update (February 2025)

DNV refreshed its IEC 60870-5 conformance test register, listing new approved devices for IEC 104.
This supports:

  • vendor interoperability
  • quality assurance
  • procurement validation
  • regulatory compliance

European Corrigendum (AC:2024)

A minor corrigendum to SIST EN 60870-5-104:2007/A1:2017 clarified technical text without modifying requirements.

Library & Tool Updates (2024–2025)

  • libiec61850 v2.3.3 (Feb 2025)
    • Adds TLS 1.3 for improved IEC 104 security integration
  • MZ Automation updated its IEC 60870-5 library, including security improvements
  • Beckhoff TwinCAT continues IEC 104 support (no major 2025 changes)
  • Community discussions (2024–2025) highlight practical configuration challenges, not standard flaws

These updates strengthen the ecosystem around IEC 104 while leaving the base protocol untouched.

Implications for Utilities and Vendors

Why These Changes Matter

The IEC’s direction in 2025 emphasizes:

  • security hardening, not functional redesign
  • interoperability validation (DNV)
  • incremental upgrades, enabling utilities to enhance cybersecurity without breaking compatibility

Practical Considerations

Organizations implementing IEC 104 should consider:

  • reviewing compatibility with IEC TS 60870-5-7 security profiles
  • assessing RTUs/IEDs for IEC 62351-aligned authentication capabilities
  • updating procurement specifications to reference the 2025 technical specification
  • evaluating TLS 1.3 support in vendor libraries
  • verifying conformance through updated DNV listings

This approach mitigates modern cyber risks while retaining stable SCADA operations.

Summary Table of 2025-Relevant IEC 104 Standards Activity

CategoryDetailsStatusRelevance
Core StandardIEC 60870-5-104:2006 + AMD1:2016Unchanged in 2025Stable base protocol
Security ExtensionsIEC TS 60870-5-7:2025 (Ed. 2.0)Published March 2025Major cybersecurity enhancement
Transport/Auth AlignmentIEC 62351-3:2023, -5:2023Integrated into TS 5-7Updated authentication & TLS
RBACIEC 62351-8Adopted in TS 5-7Role-based permissions
Conformance TestingDNV IEC 60870-5 Register (Feb 2025)UpdatedVendor interoperability
European CorrigendumSIST EN 60870-5-104 AC:2024MinorClarifications only
Library Updateslibiec61850 2.3.3 (TLS 1.3)Released 2025Security for implementations

Conclusion

As of 2025, IEC 60870-5-104 remains a stable and widely used telecontrol protocol, with no new core editions or amendments introduced. Instead, the IEC is strengthening the protocol’s cybersecurity posture through IEC TS 60870-5-7:2025, which delivers updated authentication, transport-layer protections, and RBAC aligned with modern IEC 62351 practices.

For utilities, system integrators, and vendors, the key takeaway is clear:

IEC 104 itself is unchanged, but its recommended security architecture has evolved significantly.

Adopting these extensions can provide stronger protection against emerging cyber threats while maintaining compatibility with existing infrastructure.

Blog
Author: Zakaria El Intissar

I'm an automation and industrial computing engineer with 12 years of experience in power system automation, SCADA communication protocols, and electrical protection. I build tools and write guides for Modbus, DNP3, IEC 101/103/104, and IEC 61850 on ScadaProtocols.com to help engineers decode, analyze, and troubleshoot real industrial communication systems.

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *