Fig. 1: An electrical substation grid test bed is safeguarded with the Cyber Grid Guard system at the Advanced Protection Laboratory at Oak Ridge National Laboratory. Shown are: (1) real-time simulator; (2) 5 A amplifiers; (3) 1 A/120 V amplifiers; (4) power source; (5) clock antenna; (6) primary display clock; (7) SEL-451 relays from Schweitzer Engineering Laboratories, Inc. (SEL); (8) ethernet switch; (9) SEL-735 meters; (10) SEL-3530-4 real-time automation controller (RTAC); (11) SEL-734 meters; (12) secondary display clock; (13) SEL-3555 RTAC; (14) supervisory control and data acquisition screen; (15) distributed ledger technology (DLT) screen; (16) CISCO ethernet switches; (17) DLT devices; (18) host computer; (19) human-machine interface computer; (20) DLT computer; (21) SEL Blueframe computer; (22) real-time simulation monitor; and (23) event detection monitor.
Modern electrical grids have intelligent electronic devices (IEDs), such as protective relays, that use internal logic to detect electrical faults. The electrical grid’s power supply, communications, and control architectures have become increasingly complex, in large part because of the integration of distributed energy resources (DERs). This has made it more difficult to detect faults, and it has increased the vulnerabilities of communications and control systems to cyber-attack. To address this, Oak Ridge National Laboratory (ORNL) researchers Gary Hahn, Emilio Piesciorovsky, Raymond Borges Hink, and Aaron Werth have developed a new system, Cyber Grid Guard (CGG), to augment existing electrical fault detection systems. Their findings, published in the journal Electrical Power and Energy Systems, describe this new system. It uses advanced technology to detect and confirm electrical faults in medium-voltage grids, making power systems more secure and reliable. A power grid outfitted with the Cyber Grid Guard system is shown in Fig. 1.
The ORNL team developed the Cyber Grid Guard system as a backup tool to support existing fault detection methods. The team tested this system in a simulated environment designed to replicate the conditions of medium-voltage electrical substations, which are facilities that manage the distribution of electricity from power plants to local areas. “Our approach ensures not only fault detection but also the integrity and security of the data used in these critical assessments,” Hahn stated.
The researchers demonstrated the system’s ability to identify electrical faults by analyzing data from specialized communication signals. These signals, known as Generic Object-Oriented Substation Event (GOOSE) messages, are rapid digital communications that relay critical operational updates within power grids. Cyber Grid Guard uses distributed ledger technology—a secure system that creates an unchangeable and decentralized record of data to ensure accuracy and transparency—to check and confirm that all information used in fault detection remains accurate and is not subject to tampering.
Four types of electrical faults were tested, such as for issues involving one or multiple electrical phases, which refer to the individual power lines within an electrical system. Cyber Grid Guard successfully identified and confirmed each fault. Unlike traditional methods that rely solely on the internal mechanisms of power grid devices, Cyber Grid Guard operates independently, offering an extra layer of accuracy and security. This independent operation is especially valuable in cases where errors, misconfigurations, or cyberattacks might compromise the main fault-detection systems. Cyber Grid Guard is not meant to replace existing systems but rather is designed to augment, and thus enhance, their performance by filling potential gaps in fault diagnosis.
Central to the system’s effectiveness is its ability to verify data integrity. Cyber Grid Guard uses cryptographic techniques—methods that encode information for security purposes—to ensure that all information remains secure and cannot be altered without detection. “This integration of cybersecurity principles with electrical fault detection provides a robust safeguard against increasingly sophisticated
cyberthreats,” Hahn explained.
Researchers are planning to expand the system’s capabilities to address the growing complexity of power grids. Renewable energy sources such as solar and wind power are becoming more common, and with them come new challenges in grid management. The researchers envision Cyber Grid Guard as a tool that not only detects faults but also continuously monitors grid performance to ensure consistent operation and stability.
Power grids face increasing demands for security and resilience (i.e., their ability to withstand and recover from disruptions), and technologies like Cyber Grid Guard play a critical role in meeting these challenges. The researchers’ work demonstrates combining advanced fault detection methods with strong data security practices to address longstanding issues and evolving challenges in power system reliability.
Journal Reference
Gary Hahn, Emilio Piesciorovsky, Raymond Borges Hink, Aaron Werth, “Detection of Faulted Phases in a Medium-Voltage Main Feeder Using the Cyber Grid Guard System with Distributed Ledger Technology,” Electrical Power and Energy Systems, 2024. DOI: https://doi.org/10.1016/j.ijepes.2024.110162
Acknowledgments
This research is supported by the US Department of Energy (DOE), Office of Electricity, under Contract DE-AC05-00OR22725 with UT-Battelle, LLC, for the US DOE. This manuscript has been authored by UT-Battelle, LLC, under Contract DE-AC05-00OR22725 with the US Department of Energy (DOE). The US government retains and the publisher, by accepting the article for publication, acknowledges that the US government retains a nonexclusive, paid-up, irrevocable, worldwide license to publish or reproduce the published form of this manuscript, or allow others to do so, for US government purposes. DOE will provide public access to these results of federally sponsored research in accordance with the DOE Public Access Plan (http://energy.gov/downloads/doe-public-access-plan).
About the Authors
Gary Hahn is a research software engineer in the Grid Communications and Security Group at ORNL. His background and research interests include data engineering, Industrial Internet of Things, supervisory control and data acquisition, and embedded software. He has a BS in computer science from the University of Tennessee, Knoxville. He was part of a team that won an R&D 100 Award in 2019. Contact: hahng@ornl.gov
Emilio C. Piesciorovsky graduated with a BS in electrical engineering from the National Technological University, Argentina (1995). He received his MS in international marketing from La Plata National University, Argentina (2001). He worked as an engineer for Pirelli Power Cables and Systems, SDMO Industries, ABB, and Casco Systems. After receiving his MS (2009) and PhD (2015) in electrical engineering from Kansas State University, he worked as a postdoc at Tennessee Technological University and ORNL. He is currently a professional technical staff member and lab space manager in the power system protection area at ORNL. He is the author/coauthor of more than 50 publications and is an Institute of Electrical and Electronics Engineers senior member. Contact: piesciorovec@ornl.gov
Raymond Borges Hink is a cybersecurity research scientist at ORNL and co-principal investigator for several efforts in the areas of cybersecurity for cyber-physical systems, developing analytics for distributed systems, and detection algorithms for anomalies in the electric energy grid. As co-principal investigator, he has developed proposals that received more than $6 million in funding. Through these projects, Raymond collaborates with scientists, engineers, and technicians from Duke University; Electric Power Board of Chattanooga, Tennessee; the Department of Energy’s Office of Electricity; and the Department of Homeland Security’s Science and Technology Directorate. He has authored several publications in these fields, and he holds multiple IT and security certifications from Microsoft and CompTIA. Contact: borgesrc@ornl.gov
Aaron W. Werth is a researcher at ORNL whose efforts focus on cybersecurity for critical infrastructure, including power grids. He received his PhD in computer engineering from the University of Alabama, Huntsville, where he developed test beds for supervisory control and data acquisition systems and for experimental intrusion prevention systems. He received the CyberCorps Scholarship for Service and completed internships at the Tennessee Valley Authority and Sandia National Laboratories. He received an MS in electrical engineering, with a focus in cyber-physical systems, from Vanderbilt University and a BS in electrical engineering from the University of Alabama, Huntsville. Contact: werthaw@ornl.gov
