Electricity infrastructure in the face of cyber risk: the time synchronisation problem

The  major electricity blackout across the Iberian Peninsula in April 2025 serves as a stark reminder of how essential the availability of the electricity system is for society as a whole. Among the threats to its security are cybersecurity attacks, which pose increasing risks to the stability and resilience of the grid. In this interview, we will focus on one of these threats: time synchronisation attacks.. José Antonio Álvarez Cubero, International Business Development Manager at Axians, and Roger Bretcha Baró, Substation Project Manager at Omexom, explain that there is one approach that can promise secure and robust infrastructure.

What is time synchronisation in the energy sector?

Roger Bretcha Baró: In the age of digital transformation of the energy sector, precise time synchronisation has become fundamental to the operation of modern electrical substations, especially those based on the CEI 61850 standard. As public services increasingly adopt digital substations to improve network performance, efficiency and resilience, maintaining a precise and unified reference time for all devices is no mere technical detail but an essential requirement.

To achieve the necessary level of precision, electrical substations generally rely on GPS (Global Positioning System) or GNSS (Global Navigation Satellite System) receivers. These systems provide an extremely precise reference time signal. As the energy landscape evolves, with the integration of renewable energies and the need to monitor the network in real time, secure and robust time synchronisation is  increasingly important.

What are the vulnerabilities in time synchronisation, including in terms of cyberattack risks?

José Antonio Álvarez Cubero: Time synchronisation is essential for protection, monitoring and reliable control of the network, but does introduce a new, often-underestimated vulnerability: cyberattacks against the time sources and synchronisation protocols.

The GPS and GNSS systems that most substations depend on are intrinsically vulnerable to impersonation, a method by which attackers transmit false satellite signals to fool receivers. If they are successful, an impersonation attack can corrupt time synchronisation and introduce erroneous timestamps into protection and control systems. The consequences are serious: protection relay malfunctions, incorrect fault isolation, and even a complete inability to detect critical network events.

“Time synchronisation introduces a new vulnerability: cyberattacks against the time sources and synchronisation protocols”

But the cyber risks extend beyond satellite coverage. Time synchronisation protocols such as PTP and NTP, if not properly secured, can be manipulated through a man-in-the-middle (MITM) attack. In such an attack, an attacker secretly intercepts and possibly alters communication between two parties who believe they are communicating directly. Hackers can intercept and alter time packets, introduce artificial time lags or send out fake time updates, creating clock skew between devices. This can cause false triggering or prevent triggering when real faults occur, endangering equipment and service continuity.

Also, GPS jamming (using low-cost devices to block satellite signals) is a growing concern. Jamming can cause a total loss of reference time, which can create a cascade of failures in protection systems that rely on synchronised operation. In power networks, where some critical protection and control functions require microsecond-level time accuracy, a single compromised time signal can cause major operational disruption.

What specific impacts could these cyber threats have on network stability?

J.A.A.C.: As power systems become increasingly digitalised, automated, and interconnected, the reliance of substations on precise time synchronisation becomes a critical cybersecurity concern. A compromised time synchronization can lead to major consequences, including malfunctions of protection systems, loss of situational awareness, incorrect fault location, poor correlation of events and alarms, and even disruptions to load balancing and frequency control.

What solutions do Axians and Omexom offer to fix these kinds of vulnerabilities?

J.A.A.C.: By combining Axians expertise in information and computing technology (ICT) with solid Omexom experience in operational technologies (OT), the two brands are particularly well placed to design and supply global solutions to provide time synchronisation in substations, as seen with their joint Secured Digital Grid project, a real-world ICT/OT integrated cybersecurity demonstrator for the energy sector.

This joint Axians-Omexom solution addresses this critical problem using a secured time synchronisation architecture (redundant and resilient time synchronisation networks, SDN-based microsegmentation* and industrial firewalls), a standards-compliant end-to-end cybersecurity framework adapted for time synchronisation, real-time monitoring with anomaly detection, and incident-response training and preparation.

Pioneering collaborations

Collaboration between Axians and Omexom has already produced some pioneering results. One outstanding example is the first entirely digital 225 kV high-voltage substation in Thiès, Senegal, commissioned in May 2021. This project included cybersecurity as a fundamental requirement. Building on that success, the two brands are currently collaborating on another flagship project: a 420 kV digital substation in Åker, Sweden.

*SDN-based microsegmentation means using software-controlled networks to split a system into very small, isolated zones, so that even if one part is compromised, an attacker cannot easily move to others.

02/16/2026