IEC 60870-5-104
The TCP/IP companion standard of the IEC 60870-5 telecontrol family — common in European transmission for SCADA-to-RTU traffic. Plain-text by default; secured by IEC 62351-3/-5.
Also: 60870-5-104, 104, IEC 104
IEC 60870-5-104 is the TCP/IP companion standard of the IEC 60870-5 telecontrol family — the European-favoured equivalent of DNP3. It carries telemetry and control between SCADA masters and field devices over TCP port 2404.
Where it sits
In a typical European transmission control architecture, IEC 60870-5-104 is the protocol between an RTU (or virtualised RTU) and the SCADA front-end. The serial predecessor — IEC 60870-5-101 — is still in widespread use on legacy assets and leased-line links, but new deployments are almost all -104 over TCP/IP.
DNP3 versus 60870-5-104
The two standards do similar jobs and split the world geographically:
| DNP3 | IEC 60870-5-104 | |
|---|---|---|
| Origin | Westronic (1990), DNP Users Group | IEC TC 57 |
| Geography | UK distribution, North America | European transmission |
| Standardised as | IEEE 1815-2012 | IEC 60870-5-104 |
| Default port | TCP/20000 | TCP/2404 |
| Security | DNP3 SA / IEC 62351-5 | IEC 62351-3 (TLS) + IEC 62351-5 |
The choice between them is usually historical accident plus vendor lock-in rather than technical merit.
The security gap
Like DNP3, IEC 60870-5-104 was originally specified without authentication or encryption. The mitigations available today are:
- TLS under IEC 62351-3 wrapping the TCP socket.
- Network-layer protection — IPsec, MACsec, MPLS isolation — at the WAN layer.
Most GB and EU operators rely on the network-layer option because gateway firmware that supports IEC 62351 is patchy in the installed base. The pattern is the same as with DNP3 SA: the standard has existed for years; the install base hasn’t caught up.