Search Results (131)

The increasing digitalization of electrical substations, enabled by IEC 61850-based architectures, has improved operational efficiency while expanding the cyber attack surface. This paper introduces a standards-aligned cybersecurity risk mitigation model specifically designed for digital substations and mapped to representative attack scenarios. The model integrates preventive, detective, and application-level controls derived from NIST SP 800-82r3, IEC 62443, and ISO/IEC 27019, and is validated in a laboratory process-bus environment. A baseline risk assessment identified four high-risk scenarios in the studied digital substation architecture. For validation, a selected subset of controls was experimentally evaluated against two representative attack vectors, namely false data injection (FDI) on GOOSE messages and denial-of-service (DoS) against PTP synchronization. For the remaining scenarios, the post-mitigation effects were reassessed analytically based on control coverage, architectural exposure, and standards-aligned cybersecurity reasoning. The experimental validation demonstrated that both empirically tested high-risk scenarios (FDI on GOOSE and DoS on PTP) were effectively mitigated, reducing their residual risk to moderate and low levels, respectively. For the remaining two scenarios, a post-mitigation analytical reassessment based on control coverage and architectural exposure suggested a consistent risk reduction trend, although without direct experimental confirmation. Under this combined empirical–analytical assessment, the number of high-risk scenarios decreased from four to one, corresponding to a 50% experimentally validated reduction in high-risk exposure, complemented by an analytical reassessment of the remaining scenarios. These results provide quantitative evidence about the effectiveness of the model, even with partial implementation. The scientific contribution of this study lies in integrating multistandard cybersecurity requirements into an operational mitigation model tailored to IEC 61850 substations, combined with experimental risk quantification in a realistic process-bus testbed. The proposed model offers practical guidance for utilities and establishes a scalable foundation for advancing cybersecurity in critical power infrastructure. Full article

The increasing digitalization of energy transmission and distribution infrastructures has made industrial control systems (ICS), and especially IEC 61850-based communication structures, critical. IEC 61850 performs protection and control functions in substations in real time via GOOSE and MMS protocols. The fast and low-latency operation of these protocols is essential; however, their open structure leaves systems vulnerable to cyberattacks. Traditional signature-based solutions are insufficient for detecting such anomalies, and models capable of learning both time and state relationships are needed. This study develops a time-aware probabilistic NFA model to detect anomalous behavior in IEC 61850 traffic. The model analyzes GOOSE and MMS message sequences with both state transitions and time differences (Δt). Thus, not only the message sequence but also the timing variations between events are learned. The probability of each transition is dynamically updated, and deviations from normal behavior are marked as “anomalies”. The dataset used in this study was created based on normal and attack scenarios conducted in the Sakarya University Critical Infrastructure National Testbed Center Energy Laboratory (Center Energy). The experimental results obtained in the study show that the model detects time-based, structural, and behavioral anomalies with high accuracy. With a dual-model configuration, results of 91.7% accuracy, 88.9% precision, 100% recall, and a 94.1% F1-score were achieved; particularly in time-based attack scenarios, the model performance reached an accuracy level of up to 93%. Full article

To develop secure, fast, and interoperable smart substations, it is vital to understand the current situation and potential future directions of the technologies involved. This study presents the evolution and state of the art of the Generic Object Oriented Substation Event (GOOSE) communication protocol, defined by the International Electrotechnical Commission (IEC) 61850 standard. A Systematic Literature Review (SLR) was conducted following the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) protocol. This included journal articles published from 2004 to 2025 and conference papers from 2020 to 2025, written in English within Engineering. Only studies primarily focusing on GOOSE, citing it at least ten times, and indexed in the Scopus, IEEE Xplore, and Web of Science databases were included. The quantitative analysis used SciMAT software, complemented by a qualitative analysis. Due to the bibliometric and thematic nature of this review, potential biases were considered at the review level rather than by applying a formal study-level risk-of-bias tool. The final analysis comprised 82 journal articles and 84 conference papers. The results offer a comprehensive mapping of GOOSE research evolution, identify nine main challenges and limitations from the last 22 years, and highlight current research directions. The literature reveals methodological heterogeneity, a predominance of simulation-based approaches, and limited large-scale empirical validation. Full article

In modern industrial systems, including power system automation, it is important to ensure that new standards are able to communicate with the older ones. IEC 61850 standard has been gaining significant ground in power system automation due to it is object-oriented design. In line with its exponential growth, it is imperative to integrate IEC 61850 with other information exchange approaches. Modbus is a very robust communication protocol that uses registers. Since it can be deployed in a cost-effective way, it is widely used in older or lower-cost devices. Unlike IEC 61850, which supports real-time communication, Modbus envisions a trigger-based communication style. All of these fundamental differences make direct communication between these two protocols nontrivial. In order to address this need, IEC TR 61850-80-5 is developed to give a structured approach for mapping Modbus data into the IEC 61850 data model. This is conducted using a gateway and includes identifying relevant Modbus registers, converting the data format and embedding them into IEC 61850 logical nodes and data attributes. If completed, this allows legacy devices such as meters or sensors running on Modbus to be seamlessly integrated into modern smart-grid systems using IEC 61850. This paper shows how such integration can be performed between smart inverters and the sensors feeding information to them. Firstly, both protocols are introduced. Then, the IEC 618150 modeling of smart inverters is presented. Finally, data mapping is performed between Modbus registers of current- and voltage sensors and the said smart inverter model. A gateway is developed based on this mapping as well. By bridging two widely used protocols, this work supports interoperability, extends the life of existing assets and ensures a smooth transition towards digital power systems. Full article

Currently, the smart grid concept represents the modern vision of an automated and highly adaptable electrical grid. Supervisory control and data acquisition (SCADA) systems are a fundamental component of a smart grid, enabling communication between field equipment and digital environments. For this purpose, they require industrial frameworks, among which IEC 61850 stands out. IEC 61850 has become a widely adopted standard for substation automation systems (SASs). However, despite its widespread adoption, IEC 61850 faces significant implementation challenges, including the potential complexity of data modeling, which often leads to discrepancies in semantic interpretation and, consequently, different readings among SAS configuration users. A disparity in the semantic interpretation of a process can negatively affect SAS operation, leading to execution errors or interoperability issues. Translating and analyzing SAS configurations can identify and resolve semantic interpretation discrepancies across these systems. The purpose of this research was to determine the degree to which a user interface was perceived as useful to support the translation and analysis of SAS configurations based on the IEC 61850 standard. To this end, a software tool was proposed as the central artifact to address the socio-technical dimension of a custom-built SCADA system at a Latin American state enterprise. The tool serves as the local, intelligent, and real-time operational layer in that system and was rated by users experienced with IEC 61850 as highly usable. The consistently obtained results suggest potential support for those performing the SAS configuration. Full article

Hybrid AC/DC microgrids (HMGs) are increasingly recognized as a solution for the transition toward future energy systems because they can combine the efficiency of DC networks with an AC system. Despite these advantages, HMGs still have challenges in protection, cybersecurity, and reliability. Conventional protection schemes often fail due to reduced fault currents and the dominance of power electronic converters in islanded or dynamically reconfigured topologies. At the same time, IEC 61850 protocols remain vulnerable to advanced cyberattacks such as Denial of Service (DoS), false data injection (FDIA), and man-in-the-middle (MITM), posing serious threats to the stability and operational security of intelligent power networks. Previous surveys have typically examined these challenges in isolation; however, this paper provides the first integrated review of HMG protection across three complementary dimensions: traditional protection schemes, cybersecurity threats, and artificial intelligence/machine learning (AI/ML)-based approaches. By analyzing more than 100 studies published between 2012 and 2024, we show that AI/ML methods in simulation environments can achieve detection accuracies of 95–98% with response times under 10 ms, while these values are case-specific and depend on the evaluation setting such as network scale, sampling configuration, noise levels, inverter control mode, and whether results are obtained in simulation, hardware in loop (HIL)/real-time digital simulator (RTDS), or field conditions. Nevertheless, the absence of standardized datasets and limited field validation remain key barriers to industrial adoption. Likewise, existing cybersecurity frameworks provide acceptable protection timing but lack resilience against emerging threats, while conventional methods underperform in clustered and islanded scenarios. Therefore, the future of HMG protection requires the integration of traditional schemes, resilient cybersecurity architectures, and explainable AI models, along with the development of benchmark datasets, hardware-in-the-loop validation, and implementation on platforms such as field-programmable gate array (FPGA) and μPMU. Full article

Distributed energy systems (DES), such as photovoltaics (PV), heat pumps (HPs), and electric vehicles (EVs), are being rapidly integrated into low-voltage (LV) grids, while measurement coverage remains limited. This paper presents a concept for an LV grid digital twin designed to enable real-time state estimation (SE) and operation-oriented studies under constrained measurement availability. Based on this concept, an exemplary digital twin is developed and demonstrated for a test area with a high PV penetration. The proposed digital twin integrates a topology-aware grid model, realistic parameterization, standardized IEC 61850 data modeling, and a real-time estimation pipeline that processes heterogeneous measurement data, including PV inverter power and voltage as well as transformer and feeder measurements. The approach is demonstrated through software-in-the-loop (SIL) experiments using historical playback and accelerated simulations, as well as hardware-in-the-loop (HIL) tests for real-time operation. The SIL results show that the digital twin enables continuous grid monitoring, enhances transparency for distribution system operators (DSOs), and leverages existing infrastructure to increase the effective PV hosting capacity. Selective PV curtailment mitigates congestion and restores normal operation, indicating a potentially cost-effective alternative to grid reinforcement. The HIL experiments emphasize the importance of high-quality, standardized data. The achieved accuracy depends on data availability and synchronization, highlighting the need for improved data integration. Overall, the proposed approach provides a viable pathway toward data-driven planning and operation of LV grids with high DES penetration. Full article

The increasing complexity of modern electrical networks poses significant challenges in terms of monitoring, maintenance, and operational efficiency. However, current planning approaches often lack a unified integration of real-time data and predictive modeling. In this context, Digital Twins (DTs) emerge as a promising solution, as they enable the creation of virtual replicas of physical assets. This research addresses the lack of standardized technical frameworks by proposing a novel mathematical optimization model for grid planning based on DTs. The proposed methodology integrates comprehensive architecture (frontend/backend), specific data standards (IEC 61850), and a linear optimization formulation to minimize operational costs and enhance reliability. Case studies such as DTEK Grids and American Electric Power are analyzed to validate the approach. The results demonstrate that the proposed framework can reduce planning errors by approximately 15% and improve fault prediction accuracy to 99%, validating the DTs as a key tool for the digital transformation of the energy sector towards Industry 5.0. Full article

The increasing complexity of modern electrical substations—driven by renewable integration, advanced automation, and asset aging—necessitates a transition from reactive maintenance toward intelligent, data-driven strategies. Predictive maintenance (PdM), supported by artificial intelligence, enables early fault detection and remaining useful life (RUL) estimation, while Digital Twin (DT) technology provides synchronized cyber–physical representations for situational awareness and risk-free validation of maintenance decisions. This study proposes a five-layer DT-enabled PdM architecture integrating standards-based data acquisition, semantic interoperability (IEC 61850, CIM, and OPC UA Part 17), hybrid AI analytics, and cyber-secure decision support aligned with IEC 62443. The framework is validated using utility-grade operational data from the SS1 substation of the Badra Oil Field, comprising approximately one million multivariate time-stamped measurements and 139 confirmed fault events across transformer, feeder, and environmental monitoring systems. Fault detection is formulated as a binary classification task using event-window alignment to the 1 min SCADA timeline, preserving realistic operational class imbalance. Five supervised learning models—a Random Forest, Gradient Boosting, a Support Vector Machine, a Deep Neural Network, and a stacked ensemble—were benchmarked, with the ensemble embedded within the DT core representing the operational predictive model. Experimental results demonstrate strong performance, achieving an F1-score of 0.98 and an AUC of 0.995. The results confirm that the proposed DT–AI framework provides a scalable, interoperable, and cyber-resilient foundation for deployment-ready predictive maintenance in modern substation automation systems. Full article

IEC 61850 is one of the most accepted standards worldwide for the automation of electrical substations. This standard uses Substation Configuration Language (SCL) for describing the data model and services from electrical substation components, and SCL files are used for the integration of these components throughout the substation. In this context, the integration of bay level Intelligent Electronic Devices (IEDs) into the station level demands a detailed analysis of the IED’s control scope in SCL files and advanced know-how in IEC 61850, increasing the complexity in the engineering process. Hence, this work presents a method to automate the analysis of the control scope of IEDs using SCL files, generating their respective control system object. This is achieved via Machine-Learning (ML) concepts, such as supervised learning and classification algorithms. IEDs used for control and protection of feeder and transformer systems were analyzed, and control system objects were generated for them. The results indicate that the developed method makes it possible to classify the control scope of IEDs using the SCL files from the bay level. This method is a unique development for application in the engineering process of digital substations, reducing the complexity of a critical step towards substation automation. Full article

Industrial Control Systems (ICS) are fundamental to the operation, monitoring, and automation of critical infrastructure in sectors such as energy, water utilities, manufacturing, transportation, and oil and gas. According to the Purdue Model, ICS encompasses tightly coupled OT and IT layers, becoming increasingly interconnected. Smart grids represent a critical class of ICS; thus, this survey examines encryption and relevant protocols in smart grid communications, with findings extendable to other ICS. Encryption techniques implemented at both the protocol and network layers are among the most effective cybersecurity strategies for protecting communications in increasingly interconnected ICS environments. This paper provides a comprehensive survey of encryption practices within the smart grid as the primary ICS application domain, focusing on protocol-level solutions (e.g., DNP3, IEC 60870-5-104, IEC 61850, ICCP/TASE.2, Modbus, OPC UA, and MQTT) and network-level mechanisms (e.g., VPNs, IPsec, and MACsec). We evaluate these technologies in terms of security, performance, and deployability in legacy and heterogeneous systems that include renewable energy resources. Key implementation challenges are explored, including real-time operational constraints, cryptographic key management, interoperability across platforms, and alignment with NERC CIP, IEC 62351, and IEC 62443. The survey highlights emerging trends such as lightweight Transport Layer Security (TLS) for constrained devices, post-quantum cryptography, and Zero Trust architectures. Our goal is to provide a practical resource for building resilient smart grid security frameworks, with takeaways that generalize to other ICS. Full article

In the classic energy sector, as well as in the manufacturing and process industries, Programmable Logic Controller (PLC) systems are used for electrical substation control. However, PLCs frequently do not support the communication protocols defined on the standard International Electrotechnical Commission (IEC) 61850. Therefore, this paper presents a vendor-independent method for the integration of Protection and Control (P&C) Intelligent Electronic Devices (IEDs), components of the substation bay level, in PLCs from the substation station level. The method can be used with legacy and modern controllers that offer an open communication interface, where the use of Transmission Control Protocol/Internet Protocol (TCP/IP) is supported. Since many legacy systems offer an open communication interface, this method makes it possible to reuse PLCs, bringing cost efficiency and ecological benefits. The method can be used in a single or redundant way since redundancy is always required in power distribution control. A prototype was developed for the integration over IEC 61850 Manufacturing Message Specification (MMS), and its functional validation is presented in this paper. This solution, besides reducing hardware and software acquisition costs, also contributes to a reduction in electronic waste (E-Waste) and the achievement of Sustainable Development Goals (SDGs). Full article

Green buildings increasingly couple electrical, thermal, and hydrogen subsystems, yet these assets are typically monitored and controlled through separate standards and protocols. The resulting heterogeneous information models and communication stacks hinder millisecond-level coordination, plug-and-play integration, and resilient operation. To address this gap, we develop a unified information model and a cross-protocol real-time interaction mechanism based on extensions of IEC 61850. At the modeling level, we introduce new logical nodes and standardized data objects that describe electrical, thermal, and hydrogen devices in a single semantic space, supported by a global unit system and knowledge-graph-based semantic checking. At the communication level, we introduce a semantic gateway with adaptive mapping bridges IEC 61850 and legacy building protocols, while fast event messaging and 5G-enabled edge computing support deterministic low-latency control. The approach is validated on a digital-twin platform that couples an RTDS-based multi-energy system with a 5G test network. Experiments show device plug-and-play within 0.8 s, cross-protocol response-time differences below 50 ms, GOOSE latency under 5 ms, and critical-data success rates above 90% at a bit-error rate of 10⁻³. Under grid-fault scenarios, the proposed framework reduces voltage recovery time by about 60% and frequency deviation by about 70%, leading to more than 80% improvement in a composite resilience index compared with a conventional non-unified architecture. These results indicate that the framework provides a practical basis for interoperable, low-carbon, and resilient energy management in green buildings. Full article

The rapid integration of wind power plants (WPPs) into modern electrical power systems (MEPSs) is crucial to global decarbonization, but it introduces significant technical challenges. Variability, intermittency, and forecasting uncertainty compromise frequency stability, voltage regulation, and grid reliability, particularly at high levels of renewable energy integration. To address these issues, adaptive control strategies have been proposed at the turbine, plant, and system levels, including reinforcement learning-based optimization, cooperative plant-level dispatch, and hybrid energy schemes with battery energy storage systems (BESS). At the same time, interoperability frameworks based on international standards, notably IEC 61850 and IEC 61400-25, provide the communication backbone for vendor-independent coordination; however, their application remains largely limited to monitoring and protection, rather than holistic adaptive operation. Real-Time Automation Controllers (RTACs) emerge as promising platforms for unifying monitoring, operation, and protection functions, but their deployment in large-scale WPPs remains underexplored. Validation of these frameworks is still dominated by simulation-only studies, while real-time digital simulation (RTDS) and hardware-in-the-loop (HIL) environments have only recently begun to bridge the gap between theory and practice. This review consolidates advances in adaptive control, interoperability, and validation, identifies critical gaps, including limited PCC-level integration, underutilization of IEC standards, and insufficient cyber–physical resilience, and outlines future research directions. Emphasis is placed on holistic adaptive frameworks, IEC–RTAC integration, digital twin–HIL environments, and AI-enabled adaptive methods with embedded cybersecurity. By synthesizing these perspectives, the review highlights pathways toward resilient, secure, and standards-compliant renewable power systems that can support the transition to a low-carbon future. Full article

This paper analyses the parameterisation of protective relays in industrial power distribution stations, focusing on the quantitative relationship between network load and protection system response time. Laboratory simulations using a dedicated automation cabinet and varying network configurations (six streams at 80 samples/cycle and two to four streams at 256 samples/cycle) revealed a clear correlation: higher network loads lead to longer trip times. Under maximum load (four streams, 256 samples/cycle), response times reached up to 63.75 ms. These delays stemmed from network congestion rather than relay instability. The extended clearing times increased the short-circuit energy (I²t) by approximately 35% on average and over 55% in critical scenarios, requiring upsizing of PVC-insulated conductors from 16 mm² to 25 mm² to maintain short-circuit withstand capacity. The findings demonstrate the practical impact of network-induced delays on protection performance, thermal stress, and cable sizing, providing a basis for optimising relay settings and system configuration in modern digital power distribution networks. Full article