Abstract
The transition to sustainable energy increasingly relies on robust communication infrastructure to monitor, control, and optimize energy distribution. Supervisory Control and Data Acquisition (SCADA) networks manage these processes, transmitting sensor data and control commands. However, integrating (smart) communication systems into an ageing existing communication infrastructure introduces vulnerabilities to cyber-attacks, such as false data injection and man-in-the-middle attacks. Although recent advancements in Intrusion Detection Systems (IDS) for SCADA networks show potential in detecting domain-specific threats, testing has largely been confined to simulations due to the nature of critical infrastructure. This paper presents two real-world case studies using actual grid data, where a process-aware IDS solution is tailored to specific network topologies. The result effectively detects various cyber-attacks, including those targeting critical devices like transformers. This work marks a crucial step toward practical deployment, emphasizing the need for a gradual transition from simulation to real-world validation to ensure the safety and reliability of critical grid infrastructure.