Cyber actors can target the unsecured IEC 61850 protocols in digital substations to open circuit breakers and affect the power system operation. Thus, system operators must detect cyber-physical anomalies and differentiate in real-time between power system faults and cyber attacks on digital substations for effective incident response. In this work, we propose a novel image encoding method for event correlation using cyber-physical time-series data, i.e., Phasor Measurement Units (PMUs) and Operational Technology (OT) network traffic. More specifically, we propose a dynamic variation of the Gramian Angular Field method, which generates image streams capturing in real-time the spatial-temporal features in PMU measurements and IEC 61850 GOOSE traffic throughput. The proposed method for cyber-physical event correlation uses an image fusion technique. The method is tested using the benchmark IEEE 9-bus system. It successfully distinguishes between three-phase faults and GOOSE cyber attacks, demonstrating its usefulness for power system cyber security analytics.

High Voltage Direct Current (HVDC) technology is one of the key enablers of the energy transition, especially for offshore wind energy systems. While extensive research on cyber security of High Voltage Alternating Current (HVAC) systems has been conducted, limited research exists on cyber security aspects of HVDC systems. These systems exhibit unique attributes, in comparison to HVAC systems, such as longer transmission line distances and increased volume of data samples for wide-area monitoring, control, and protection applications. These factors lead to a higher vulnerability of HVDC systems to cyber attacks. Existing state-of-the-art HVDC surveys, however, are primarily focused on HVDC physical components and exclude cyber security elements. Therefore, this paper presents the first detailed survey on the cyber security of HVDC Cyber-Physical Systems (CPS). We present a comprehensive review of the state-of-the-art HVDC systems, with a special focus on cyber threats and vulnerabilities, defense and mitigation strategies, and testbeds. Based on the review and analysis, insights and recommendations on future research directions to address the research gaps in this field of study are provided. Future research on cyber security for HVDC systems should prioritize the integration of cyber and physical system data and focus on early-stage detection to mitigate the potentially severe impacts of cyber attacks on HVDC grids.