Summary
The increasing integration of converter-based renewable sources, High-voltage Direct Current
Read more Read less(HVDC) links, and Flexible AC Transmission Systems (FACTS) devices in the Brazilian
Interconnected Power System (Sistema Interligado Nacional - SIN) has raised operational complexity, making Special Protection Schemes (SPS) essential for grid stability. In response, the Brazilian National System Operator (Operador Nacional do Sistema Elétrico - ONS) developed a large-scale SPS that maximizing the utilization of the power interconnections between the North, Northeast, and Southeast regions of Brazil, without compromissing operational security, called SEP N-NE-SE. SEP N-NE-SE covers approximately 750,000 km² and integrates assets operated by 15 utilities. This multi-utility structure has no centralized ownership of assets or communication equipment. As a result, it creates a cybersecurity governance challenge. Multiple stakeholders must share real-time data and execute corrective commands over a critical IEC 61850 Layer-2 wide-area communication infrastructure, while preserving strict segregation, operational integrity, and cyber resilience. SEP N-NE-SE needs to deliver deterministic corrective actions under severe contingencies. In SPS deployments operated by multiple independent utilities, cybersecurity must be addressed as both a governance and an engineering problem. Responsibilities, assets, and telecommunications paths are distributed across different operators, while protection functions require strict availability and hard real-time performance.
This paper presents the SPS communication network design and architecture, formalized as a specification that must be followed by all utilities involved in the SPS implementation. The specification was developed as a secure-by-design engineering proposal for cybersecurityoriented communications, monitoring, and supervision in a large-scale SPS interconnected over a Layer-2 wide-area infrastructure spanning multiple utilities, with GOOSE transported exclusively over a real-time Ethernet over MPLS-TP network with dedicated tunnels, replacing legacy long-distance SDH segments. The paper further summarizes the implementation outcomes in Brazil from a cybersecurity and performance perspective, highlighting practical lessons learned from deployment, integration, and validation activities, including integrated end-to-end tests that confirmed corrective actuation times of approximately 40 ms in the most critical scenarios.
This specification is referred to as RM-REDE (Minimum LAN/WAN Network Requirements for the SEP N-NE-SE). RM-REDE was developed by YSMART, in partnership with TAESA and ONS. The specification adopts a strictly segregated architecture composed of three complementary domains. A dedicated and redudancy Protection Network carries only predefined GOOSE Layer-2 flows under a default-deny posture. In parallel, a Monitoring Network supports distributed collection points at each Utility and enables centralized management using non-proprietary mechanisms such as SNMP and secure transport. Finally, a Supervision
Network relies on MMS to provide operational supervision, including the use of LGOS and
LCCH to supervise GOOSE subscriptions and communication channels.
Deterministic protection is achieved through dedicated Layer-2 security elements applying whitelisting based on Ethertype/VLAN and source/destination identifiers, combined with rate limiting for denial-of-service resilience. Firewalls separate SPS domains from corporate/operational IP networks, allowing only explicitly authorized management and supervision access. Cybersecurity governance is implemented through RBAC with centralized
AAA (e.g., RADIUS/TACACS+), device hardening, centralized syslog, and IDS visibility via traffic mirroring at the Master, enabling coordinated alarming and incident escalation. Our specification also constrains the design with explicit performance budgets, 37 ms for local segments and 63 ms for wide-area transport, supporting a 100 ms end-to-end corrective action envelope and requiring bandwidth reservation and prioritization for protection traffic. The validation campaign included a real-equipment testbed and more than 40 structured cyberattack simulations (e.g., DoS, spoofing, replay, impersonation, and unauthorized injection), confirming that unauthorized actions were detected or blocked without degrading deterministic performance. The proposed specification provides a replicable reference for cybersecurity compliance, incident management, and deterministic performance assurance in decentralized, multi-operator energy infrastructures.
Additional informations
| Publication type | Session Materials |
|---|---|
| Reference | D2_11403_2026 |
| Publication year | |
| Publisher | CIGRE |
| Country | Brazil |
| Study committees | |
| File size | 643 KB |
| Price for non member | 30 € |
| Price for member | 30 € |
Authors
NETO Helio - YSMART Brazil; LOPES Yona - YSMART Brazil; SIQUEIRA Igor - ONS Brazil; FERNANDES Natalia - YSMART Brazil
Keywords
Cybersecurity, Special Protection Schemes (SPS), IEC 61850 GOOSE Communication, MPLS-TP Wide-Area Networks, Software-Defined Networking (SDN)