Project

Interoperable, end-to-end secured IT infrastructure for grid operations from field device to the SCADA control centre

CloudEnerChain connects IEDs, RTUs, cloud services and grid control technology through an HSM- and TCN-secured interoperability layer, forming an end-to-end chain of trust for KRITIS-compliant grid operations

Illustration of the system landscape from secondary systems through an interoperability layer to digital applications in grid operations.

The energy transition and the large-scale smart meter rollout bring more distributed energy resources (PV, wind, battery storage), controllable loads such as electric vehicles and heat pumps, and significantly growing needs for observability and automation in distribution grid operations. Conventional, unidirectional grid management approaches are reaching their limits.

CloudEnerChain develops a cloud-based interoperability layer with a vendor-agnostic metadata model built on open standards such as IEC 61850 and IEC 61970. Hardware Security Modules (HSM) and Trusted Core Networks (TCN) secure the entire communication chain from IEDs and RTUs via SCADA systems to cloud platforms end to end.

This addresses a central question in grid digitalisation: how can interoperability, cybersecurity and operational value-added services be implemented in a way that meets the availability, real-time capability and KRITIS compliance requirements of grid operations?

State of the art and novel approach

Connected power grids need interoperable architectures and an end-to-end secured chain of trust

IEDs, RTUs, SCADA systems, cloud platforms and IoT devices communicate via protocols such as IEC 61850 and IEC 60870-5-104. Growing digitalisation and bidirectional data exchange raise requirements for interoperability, IT security and verifiable end-to-end communication integrity across all system boundaries.

[Figure: KRITIS-compliant power grid architecture. HSM-secured trust chain from IEDs and RTUs to the interoperability layer and SCADA control centre over IEC 61850 and IEC 60870-5-104. Stages: Secondary Systems (IED / RTU, field and substation, IEC 61850 GOOSE/SV), Grid and IT Segments (access gateway, aggregation, core verification and integrity check), Interop Layer (vendor-agnostic IEC 61850/61970 metadata model + TCN), Operations & Control Centre (monitoring, assistance and response), with firewalls as protection boundaries and an HSM anchoring identity and integrity at each stage. Core idea: security is not achieved by a single component, but by continuous HSM-backed verification of identity, integrity and authenticity from the field device across the cloud to the SCADA control centre.]
System landscape of a digitally networked power grid: from secondary systems (IEDs, RTUs) via substation control technology and interoperability layer to the SCADA control centre, connected by an HSM-backed end-to-end chain of trust.

State of the art

Modern power grids connect secondary systems (IEDs, RTUs), substation control technology, SCADA systems and cloud platforms via protocols such as IEC 61850, IEC 60870-5-104 and MQTT. Security and information models are often still vendor-specific and poorly interoperable. Vendor lock-in still limits end-to-end solutions.

Central gap

Gateways, firewalls and VPN links can secure individual segments, but they do not create a consistent, verifiable end-to-end level of trust from the field endpoint via cloud services to the control centre. Missing open standards deepen this structural security gap.

Innovation of CloudEnerChain

CloudEnerChain combines an interoperability layer with a vendor-agnostic metadata model (IEC 61850/61970), HSM-based trust anchors and TCN integration. AI-powered monitoring and endpoint attack detection complete the approach, forming a holistic end-to-end security architecture.

Target picture

Moving from isolated system boundaries toward robust digital cooperation

The project combines a cloud-based interoperability layer with open information models, Hardware Security Modules and Trusted Core Networks. This is intended to make attack detection, load management and other digital services interoperable and ready for operations.

Vendor-agnostic interoperability

A cloud-based interoperability layer with a technology-open metadata model based on IEC 61850 and IEC 61970 connects heterogeneous system landscapes, including IoT, smart metering and secondary systems, without proprietary dependencies or vendor lock-in

End-to-end trust chain with HSM and TCN

Hardware Security Modules (HSM) and Trusted Core Networks (TCN) establish an end-to-end secured, continuously verifiable chain of trust from the field endpoint to the control centre, complemented by Secure-by-Design architectures and endpoint detection and response mechanisms

Cloud and edge for utility operations

IoT platforms, smart meter gateway administration (SMGWA) and edge computing enable scalable, real-time-capable data processing that meets regulatory requirements without compromising IT security or data sovereignty

Digital value-added services with operational impact

AI-based anomaly detection, real-time load management and flexible resource control are developed as concrete value-added services, tested in simulation, lab and field environments, and evaluated for transferability across different grid contexts

AI monitoring and control room assistance

An AI-powered assistance system monitors grid status in real time, detects IT security events and anomalies early, and generates concrete action recommendations for control room operators to respond effectively

Transferability and standardisation

All architecture components and services are designed for regulatory compliance and cross-sector transferability. Project results are documented as a replicable blueprint for secure digitalisation across the energy sector.

Practice-oriented perspective

CloudEnerChain aligns its research with future operational use

Transparency for grid operations

An interoperability layer can improve observability and interpretation of complex grid situations

Secure integration of distributed components

Secondary systems, gateways, platforms and grid control systems should interact reliably even across heterogeneous settings

Digital applications with tangible operational value

Applications such as monitoring, anomaly detection or support for flexible processes are aligned with operational needs