Executive Summary

Electric utilities monitor substations over DNP3, building management systems read sensors via BACnet, and water treatment facilities rely on IEC 60870-5-104 for telecontrol. The underlying requirement is the same: deterministic, secure, standards-compliant data exchange between field equipment and supervisory systems.

S1 Foundry provides unified connectivity across four major SCADA protocols through a consistent handler-based architecture. Each protocol module exposes its capabilities through the standard IHardwareModule interface, uses typed request/response messages, and includes a simulated transport for offline development. The result is a single programming model that spans DNP3, IEC 61850, IEC 60870-5-104, and BACnet through 49 handlers. The handler suite is covered by 566 automated tests.

1. Protocol Overview

S1 Foundry covers four widely deployed SCADA and telecontrol protocols. Each protocol module is independently deployable and includes its own transport abstraction, message handlers, and test suite.

S1.Handlers.Dnp3

DNP3 (IEEE 1815) master-station implementation. Class-based polling, unsolicited responses, file transfer, secure authentication SA v5, and TLS transport. 11 handlers.

S1.Handlers.Iec61850

IEC 61850 substation automation. MMS read/write, GOOSE fast tripping, sampled values for current/voltage digitization, and report control blocks. 13 handlers.

S1.Handlers.Iec60870

IEC 60870-5-104 telecontrol over TCP/IP. Single/double/step commands, setpoint control, time synchronization, and general interrogation. 12 handlers.

S1.Handlers.Bacnet

BACnet (ASHRAE 135) building automation. BACnet/IP and BACnet/MSTP transport, property read/write, COV subscriptions, and Who-Is device discovery. 13 handlers.

DNP3 (IEEE 1815)

Originally developed for electric utility SCADA, DNP3 is the dominant telecontrol protocol in North American power systems and water/wastewater infrastructure.

The S1 DNP3 module provides 11 handlers that cover full master-station functionality: integrity polls, event polls per class, direct operate and select-before-operate control modes, analog output setpoints, file directory listing, file upload, file download, cold and warm restart commands, and time synchronization. TLS transport is supported for encrypted communication channels.

IEC 61850

IEC 61850 is the global standard for substation automation and protection, mandated by utilities in Europe, Asia-Pacific, and increasingly in the Americas. The standard defines three communication profiles: MMS (Manufacturing Message Specification) for real-time data access and control, GOOSE (Generic Object Oriented Substation Event) for fast peer-to-peer tripping with sub-4ms latency, and Sampled Values for the digitization of current and voltage waveforms from merging units and instrument transformers.

The S1 IEC 61850 module provides 13 handlers: MMS data read and write for logical node attributes, GOOSE publish and subscribe for protection signaling, sampled value stream reception, report control block configuration and data retrieval, dataset management, control operations with command termination feedback, setting group management, and logical device directory browsing.

IEC 60870-5-104

IEC 60870-5-104 is the TCP/IP extension of IEC 60870-5-101, widely deployed in European and Asian SCADA master stations for telecontrol of power systems, water treatment plants, and gas distribution networks. The protocol carries the same ASDU (Application Service Data Unit) payload as IEC 101 but runs over TCP port 2404, enabling standard IP networking infrastructure.

The S1 IEC 60870 module provides 12 handlers: single command, double command, and step command for binary and multi-position control outputs; setpoint commands for normalized, scaled, and short floating-point analog outputs; general interrogation for full station state retrieval; counter interrogation for integrated totals; clock synchronization; and connection management with configurable T1/T2/T3 timers and k/w windowing parameters.

BACnet (ASHRAE 135)

BACnet is the ASHRAE/ISO standard for building automation and control networks, covering HVAC systems, lighting control, fire and life safety, access control, and energy metering. BACnet/IP runs over UDP port 47808, while BACnet/MSTP uses RS-485 serial links for field-level device communication. The object model defines standardized object types (Analog Input, Binary Output, Schedule, Trend Log, and others) with well-defined property sets.

The S1 BACnet module provides 13 handlers: property read (ReadProperty and ReadPropertyMultiple), property write (WriteProperty and WritePropertyMultiple), COV (Change of Value) subscription management for event-driven monitoring, Who-Is/I-Am device discovery, Who-Has/I-Have object discovery, object list retrieval, alarm and event management, trend log access, schedule read/write, and time synchronization. Both BACnet/IP and BACnet/MSTP transports are supported.

2. Architecture

All four SCADA protocol modules share the same architectural patterns used throughout S1 Foundry. This consistency means that engineers who have worked with any other S1 handler module — instruments, environmental chambers, motion controllers — can adopt the SCADA modules without learning a different programming model.

Unified IHardwareModule Interface

Every SCADA protocol handler implements the IHardwareModule interface, exposing ConnectAsync, DisconnectAsync, and IsConnected alongside protocol-specific operations. This uniform contract enables generic module management code — connection pools, health monitors, and lifecycle orchestrators — to work with any protocol handler without type-specific branching.

Transport Abstraction

Each protocol module defines its own transport interface (IDnp3Transport, IIec61850Transport, IIec60870Transport, IBacnetTransport) that encapsulates the wire-level communication details. Production transports handle TCP socket management, TLS negotiation, and protocol framing. Simulated transports return deterministic responses for offline development and automated testing.

Application Code | +-- IHardwareModule (ConnectAsync, DisconnectAsync, IsConnected) | | | +-- IDnp3Handler / IIec61850Handler / IIec60870Handler / IBacnetHandler | | | +-- Protocol-specific operations (typed request/response) | +-- Transport Layer | +-- Production Transport (TCP/TLS, protocol framing) +-- Simulated Transport (deterministic responses, no hardware)

Message Handler Pattern

Each handler method accepts a strongly-typed request object and returns a strongly-typed response object. Request objects carry all parameters needed for the operation (point addresses, control values, timeout durations). Response objects carry the result data along with status information. This pattern eliminates untyped dictionary lookups and provides compile-time verification of message contracts.

Thread Safety

All handler implementations are thread-safe. Connection state is tracked through volatile fields. Point databases and subscription registries use ConcurrentDictionary for lock-free concurrent access. Reference count operations use Interlocked methods. Multiple threads or async continuations can invoke handler methods concurrently without external synchronization.

Consistent programming model: The same connect/disconnect lifecycle, the same typed request/response pattern, and the same transport abstraction apply across all four protocols. Protocol-specific behavior is confined to the handler implementations — the surrounding infrastructure code remains protocol-agnostic.

3. Security Hardening

SCADA protocols carry control commands that operate physical infrastructure. A malformed setpoint, an unauthorized control operation, or a spoofed measurement can have real-world consequences. Each S1 SCADA module includes protocol-specific security measures that go beyond basic input validation.

DNP3 Security

IEC 61850 Security

IEC 60870-5-104 Security

BACnet Security

Defense in depth: Security validation occurs at the handler level, before data reaches the transport. This means the same protections apply regardless of whether the handler is connected to a production transport or a simulated transport, and validation logic is exercised by the test suite on every build.

4. Testing Infrastructure

Each SCADA protocol module includes a comprehensive test suite that runs against simulated transports, requiring no physical SCADA equipment. Tests cover happy-path operations, error conditions, edge cases, and security boundary enforcement.

Test Distribution

Module Handlers Tests Coverage Focus
S1.Handlers.Dnp3 11 203 Polling, control, file transfer, SA v5, TLS
S1.Handlers.Iec61850 13 123 MMS, GOOSE, sampled values, reports, datasets
S1.Handlers.Iec60870 12 109 Commands, setpoints, interrogation, clock sync
S1.Handlers.Bacnet 13 131 Property R/W, COV, discovery, schedules, trends
Total 49 566

Test Categories

Simulated Transports

Each protocol module includes a simulated transport implementation that produces deterministic responses without requiring physical SCADA equipment. Simulated transports are used for unit testing, integration testing during CI/CD pipeline execution, and offline sequence development. They model realistic response patterns including configurable delays, protocol-level error injection, and state-dependent behavior (for example, a simulated DNP3 outstation that maintains event buffers across poll cycles).

5. Use Cases

The four SCADA protocol modules cover the communication requirements of most industrial verticals. The following scenarios illustrate how the modules combine to address real-world integration challenges.

Electric Utility Substation Monitoring

A typical utility substation deployment uses DNP3 for SCADA master communication with RTUs (Remote Terminal Units) and IEC 61850 for intra-substation protection and automation. The S1 DNP3 handlers poll RTUs for analog measurements and binary status points, while the IEC 61850 handlers subscribe to GOOSE messages for protection relay status and read MMS data attributes for real-time measurements from IEDs (Intelligent Electronic Devices). Combining both protocols in a single test program enables end-to-end validation of the substation communication infrastructure.

Water Treatment Plant SCADA

Water and wastewater facilities frequently use DNP3 for wide-area SCADA between the central control room and remote pump stations, combined with IEC 60870-5-104 for telecontrol links to treatment process PLCs. The S1 DNP3 module handles polling of remote sites over WAN links, while the IEC 60870 module manages local plant control — setpoint commands for chemical dosing, valve positions, and pump speed control. Simulated transports allow the entire communication architecture to be tested before field deployment.

Building Management System Integration

The S1 BACnet module provides the full range of building automation operations for commercial and institutional buildings: reading sensor values through ReadPropertyMultiple, writing setpoints through WriteProperty with priority array support, monitoring state changes through COV subscriptions, discovering devices through Who-Is broadcasts, and accessing historical data through trend log reads. Integration testing validates that the BMS communication layer correctly handles the building's object model before commissioning.

Multi-Protocol Gateway Testing

Protocol gateways that translate between SCADA protocols (for example, DNP3-to-IEC 61850 or BACnet-to-IEC 60870) require testing from both sides of the translation boundary. The S1 SCADA modules enable a single test program to act as both the source-protocol master and the destination-protocol client, injecting traffic on one side and verifying the translated output on the other. This approach eliminates the need for separate test tools per protocol and produces deterministic, repeatable gateway validation.

Protocol combinations: Because all four modules share the same IHardwareModule interface and lifecycle pattern, mixing protocols within a single test program requires no special infrastructure. Connect the handlers, execute operations, and verify results — the programming model is the same regardless of the underlying protocol.

6. Getting Started

Evaluating the SCADA protocol modules requires the S1 Foundry platform. Each protocol module is distributed as an independent NuGet package that can be added to an existing S1 project.

NuGet Packages

S1.Handlers.Dnp3 DNP3 master-station handlers
S1.Handlers.Iec61850 IEC 61850 substation automation handlers
S1.Handlers.Iec60870 IEC 60870-5-104 telecontrol handlers
S1.Handlers.Bacnet BACnet building automation handlers

Basic Configuration

Each protocol handler is constructed with a transport instance and protocol-specific configuration. A minimal setup for an IEC 60870-5-104 handler looks like this:

var transport = new Iec60870TcpTransport(
    hostname: "192.168.1.100",
    port: 2404,
    timeout: TimeSpan.FromSeconds(10)
);

var handler = new SingleCommandHandler(transport);
await handler.ConnectAsync();

var result = await handler.ExecuteAsync(new SingleCommandRequest
{
    CommonAddress = 1,
    InformationObjectAddress = 100,
    State = true,
    CommandQualifier = CommandQualifier.ShortPulse
});

await handler.DisconnectAsync();

The same pattern applies to all four protocols — construct a transport, create the handler, connect, execute typed operations, and disconnect. Replace the transport with a simulated implementation for offline development and testing.

Evaluation Steps

  1. Download S1 Foundry from the downloads page. The installer includes all SCADA protocol modules and simulated transports.
  2. Add the NuGet package for the target protocol to your project. Each module is self-contained with no cross-protocol dependencies.
  3. Configure the transport with the target device hostname, port, and timeout. For offline evaluation, use the simulated transport included in each package.
  4. Build a test sequence using the handler methods. Start with connection lifecycle (connect, execute a read operation, disconnect) and expand to control operations and event monitoring.
  5. Run against simulated transports to validate sequence logic before connecting to physical SCADA equipment.

Documentation

Evaluating S1 Foundry for SCADA integration

Talk to the engineering team about connecting S1 Foundry to your DNP3, IEC 61850, IEC 60870-5-104, or BACnet infrastructure.