123 Main Street, New York, NY 10001

Submit Your BOM

Substation IED Hardware for IEC 61850 Grids

Substation IED Hardware for IEC 61850 Grids

← Back to: Smart Grid & Power Distribution

This page shows how to plan a substation IED hardware platform that can pass IEC 61850 tests, stay online through faults, and integrate cleanly with existing station networks. It pulls together the key decisions on Ethernet and time sync, processing and security, power tree, isolation and IC roles into a checklist-style view you can reuse across projects.

What this page solves

This page focuses on the hardware and power architecture of substation IEDs for IEC 61850 grids. It helps substation and IED design teams understand how to size the SoC or CPU, select Ethernet and TSN devices, plan secure elements, and build redundant power trees and watchdog chains that support revenue-critical protection and automation functions.

Many IEC 61850 projects struggle during certification because the IED platform cannot sustain full MMS, GOOSE and Sampled Values traffic under worst-case load, or because time synchronisation and redundancy do not behave deterministically. Others fail EMC and surge testing when the power tree, supervisors and reset strategy do not keep the device stable through dips, transients and brown-outs.

Security and lifecycle requirements are also increasing. Substation operators now expect secure boot, protected key storage, signed firmware updates and robust logging that can pass cybersecurity audits for ten years or more. This page highlights the IED-level building blocks for hardware security modules, secure elements, watchdogs and power supervision, while leaving detailed protection algorithms, station-wide SCADA functions, TSN network design and grid-level cybersecurity to dedicated pages in the same Smart Grid & Power Distribution cluster.

Substation IED design focus for IEC 61850 Conceptual diagram showing substation engineers facing IEC 61850 certification, EMC robustness and cybersecurity challenges, connected to a central substation IED hardware block with SoC, Ethernet redundancy, HSM security and redundant power and watchdog supervision. Substation IED hardware focus IEC 61850 certification, robustness and security Who uses this page Substation IED hardware teams System integrators and solution vendors Utility technical owners Typical pain points 61850 tests fail under load IED reboots during EMC and surges Security reviews block deployment Substation IED hardware focus SoC / CPU MMS, GOOSE, SV load Ethernet and TSN Redundant GbE, HSR, PRP HSM and security Keys, secure boot, signed updates Power and watchdogs Dual rails, reset, supervisors Related specialist pages Protection Relay SCADA / Substation Gateway Industrial Ethernet and TSN Grid cybersecurity module Purpose of this page Hardware-centric guidance for SoC, Ethernet, security and power design of IEC 61850 substation IEDs.

System roles & IEC 61850 services

A modern substation IED is not a single-purpose box. The same device often acts as an IEC 61850 server that exposes a logical model, a client that subscribes to other IEDs, and a publisher or subscriber for high-speed GOOSE and Sampled Values traffic. Understanding these roles is the first step in deciding how much CPU, memory and Ethernet capability an IED platform really needs.

As a server, the IED presents Logical Devices, Logical Nodes and Data Objects over MMS so that other equipment can read measurements, statuses and protection states. As a client, it maintains sessions to peer IEDs or station controllers to retrieve data, write settings and request operations. As a publisher and subscriber, it sends and receives GOOSE events and Sampled Values streams that must be delivered with tight latency and time alignment on the process and station buses.

Feeder, busbar and transformer IEDs share a similar hardware pattern but operate at different scales. Feeder IEDs may terminate more GOOSE signals related to interlocking and trip commands. Busbar and transformer IEDs may carry heavier Sampled Values traffic and stricter time-sync requirements. Station controllers and bay controllers tend to manage larger MMS models and more client sessions. These differences drive the performance tier of the SoC or CPU, the size of RAM and non-volatile storage, and the number of Ethernet ports that must be populated on the board.

Each IEC 61850 service maps directly to concrete hardware needs. MMS server and client functions require enough processing headroom and memory to hold the data model, handle simultaneous client connections and buffer logs. GOOSE requires deterministic Ethernet paths and traffic prioritisation so that protection messages are not delayed by background traffic. Sampled Values depend on hardware time stamping, stable reference clocks and sufficient MAC and PHY bandwidth to sustain continuous high-rate streams without gaps.

Redundancy and determinism add further constraints. Implementing HSR or PRP means planning for at least two, and often three, GbE interfaces plus appropriate switch and buffer resources. Time-sensitive networking features, such as time-aware scheduling and frame pre-emption, influence the choice of TSN-capable switch and PHY components. Detailed network topology and TSN profile planning is covered in the Industrial Ethernet and TSN page; the focus here is to highlight which capabilities the IED hardware must expose so that those designs remain possible.

IEC 61850 roles and hardware mapping in a substation IED Diagram showing the IEC 61850 server, client and GOOSE or Sampled Values publisher or subscriber roles around a substation IED SoC, with arrows to Ethernet, TSN, PTP time stamping and memory resources that must be sized for the required traffic and redundancy. IEC 61850 roles mapped to IED hardware IED SoC / CPU Runs IEC 61850 stack MMS, GOOSE and Sampled Values IEC 61850 roles MMS server MMS client GOOSE and SV publisher / subscriber Ethernet and TSN Multiple GbE ports HSR, PRP and TSN features QoS and low latency paths Memory and model size Logical nodes and data objects Client sessions and buffering Event and fault logging Time sync and PTP Hardware time stamping Stable reference clocks Alignment for GOOSE and SV From IEC 61850 roles to concrete hardware needs MMS, GOOSE and Sampled Values roles drive decisions on SoC performance, RAM, Ethernet ports, TSN features and PTP time-sync capability in a substation IED.

Substation IED hardware architecture

A substation IED for IEC 61850 grids can be viewed as a single board with a small number of well defined hardware zones. At the centre sits the main SoC or CPU, optionally combined with an FPGA, running the IEC 61850 stack and coordinating protection logic, measurements, logging and security. Around this core, process interfaces, redundant Ethernet ports, secure elements, isolation and power-management ICs create a platform that can pass grid-level robustness and certification.

On the process side, the IED terminates bay-level signals through optically or capacitively isolated digital inputs and outputs, as well as serial interfaces towards legacy relays and RTUs. Time synchronisation inputs such as IRIG-B or pulse-per-second may also enter on this side before crossing into the processing domain. On the network side, two or three GbE ports and an optional industrial switch provide station-bus connectivity, uplinks to gateways and engineering tools, and the physical hooks needed for HSR, PRP or future TSN-based schemes.

Beneath the processing core, redundant DC inputs, surge and inrush protection, PMICs, DC/DC converters, supervisors and watchdogs form the power and supervision tree. An RTC with backup supply maintains time across outages, while secure elements, secure storage devices, tamper inputs and digital isolators sit around the edges of the design. High-voltage CT and VT circuits, trip-coil drivers and detailed primary or secondary wiring are handled by protection relay hardware and are therefore kept out of this IED-level architecture view.

Global hardware architecture of a substation IED Block diagram showing a central substation IED SoC or CPU with optional FPGA, process and bay-level I or O and time-sync interfaces on the left, redundant Ethernet and uplink ports on the right, redundant power inputs and supervision below, and HSM, secure storage, tamper detect and isolators around the periphery. Substation IED hardware zones Substation IED SoC / CPU IEC 61850 stack and control CPU FPGA Process and bay-level I/O DI / DO with isolation Serial links to legacy relays Time sync inputs (IRIG-B, PPS and others) Station-bus Ethernet and uplink GbE port A PRP or HSR path GbE port B PRP or HSR path Engineering or service port Power, supervision and time base Redundant DC inputs protection and inrush control PMIC and DC/DC rails sequencing and load supply Supervisors and watchdogs brown-out and reset control RTC with backup supply HSM / secure element Secure storage Tamper inputs Digital isolators One board, multiple hardware zones The IED SoC or CPU is surrounded by process I or O, redundant Ethernet, power and supervision, and security and isolation devices to meet substation reliability targets.

Ethernet, TSN & redundancy design

Ethernet hardware on a substation IED is more than a pair of RJ-45 connectors. The device must host enough GbE interfaces, support redundancy schemes such as HSR or PRP, and expose PTP-capable MAC or PHY devices so that MMS, GOOSE and Sampled Values traffic remains deterministic under fault and overload conditions. The number of ports populated on the PCB directly limits which redundancy and maintenance strategies can be offered over the product lifetime.

Two GbE ports are typically the minimum for new designs, enabling PRP or ring-based redundancy and allowing the station bus to remain available if a single path fails. High-end IEDs often add a third port for engineering tools or local HMIs so that maintenance traffic does not compete with protection messages. Whether redundancy is implemented through external switches, dedicated redundancy logic or SoC-integrated MACs, each solution consumes PHY channels, traces and power budget that must be planned early in the board layout.

Time synchronisation pushes additional requirements onto Ethernet ICs. Hardware support for IEEE 1588 PTP time stamping at the MAC or PHY level is essential for utility-grade GOOSE and Sampled Values performance. Stable reference clocks, low-jitter oscillators and well-behaved timestamp paths help align events across redundant ports and across the wider substation network. Without hardware time stamping and careful clock design, Substation IEDs struggle to pass advanced IEC 61850 and power-quality tests even if basic communication appears functional during early trials.

Time-sensitive networking extends these capabilities. TSN features such as time-aware shaping, scheduled traffic windows and frame pre-emption can reserve bandwidth for GOOSE and Sampled Values while carrying engineering and SCADA flows on the same links. Even when TSN is not used immediately, choosing TSN-capable switches and PHYs during initial IED design gives substation operators a path to future interoperability. Detailed network-topology and TSN-profile planning belongs in a broader Industrial Ethernet and TSN discussion; at the IED level, the priority is to ensure that port count, redundancy support, PTP capability and TSN feature coverage are sufficient for the intended grid segment.

Ethernet, TSN and redundancy building blocks in a substation IED Diagram showing a substation IED SoC connected to multiple GbE PHYs and an optional TSN switch, with ports labelled for PRP or HSR redundancy, an engineering port and a PTP time-sync block indicating IEEE 1588 hardware time stamping and reference clocks. Ethernet, TSN and redundancy blocks IED SoC / CPU IEC 61850 MMS, GOOSE and Sampled Values TSN / redundancy switch HSR, PRP, VLAN and QoS support time-aware and scheduled traffic Station-bus ports and redundancy GbE PHY A PRP / HSR path GbE PHY B PRP / HSR path Engineering or service port Station bus network A Station bus network B Tools, HMI or gateway PTP and time synchronisation IEEE 1588 hardware time stamping reference clocks and jitter control alignment for GOOSE and SV streams PHY and switch selection criteria Industrial temperature and EMC robustness PTP support, buffer depth and latency HSR, PRP and TSN feature coverage Ethernet hardware as the backbone of substation IEDs Port count, redundancy schemes, TSN features and PTP-capable MAC and PHY devices determine how reliably an IED carries MMS, GOOSE and Sampled Values in modern IEC 61850 grids.

Processing, memory & security subsystem

The processing and memory subsystem determines whether a substation IED can sustain IEC 61850 workloads, security functions and long-term logging without unexpected behaviour. The main architectural choice is usually between an ARM MPU running a feature-rich operating system, a microcontroller combined with an FPGA or CPLD, or a fully integrated FPGA SoC that merges hard cores and programmable logic. Each option targets a specific mix of IEC 61850 services, local HMI requirements and redundancy expectations.

ARM MPU-based platforms suit IEDs that host large IEC 61850 data models, multiple MMS client and server roles, Secured profiles and web or graphical HMIs. MCU plus FPGA architectures separate protocol and configuration logic from hard real-time processing, and are common in protection- oriented devices with demanding sampling or custom legacy interfaces. FPGA SoCs combine these patterns on a single die and are often used in high-end bay controllers or merging units that terminate dense Sampled Values streams while still running complex applications and multiple Ethernet ports on top.

Memory and storage sizing must reflect the IEC 61850 model, connection count and logging policy. RAM and DDR capacity is driven by the number of logical nodes and data objects, simultaneous MMS sessions and buffers for GOOSE and Sampled Values processing. ECC on external memory reduces the risk of silent bit errors over long service lifetimes. Non-volatile storage is typically split between a secure boot region for ROM-validated bootloaders and firmware images, and larger devices such as eMMC or NAND for event logs, disturbance records and multiple firmware packages with rollback capability and wear-leveling support.

Security hardware wraps around the processing core. A secure boot chain anchors in immutable ROM, validates the bootloader and then authenticates signed firmware images before execution. A hardware security module or secure element protects long-term keys and certificates, provides a robust random number source and can accelerate TLS or DTLS handshakes as well as GOOSE or Sampled Values authentication functions. The IED exposes these capabilities through well-defined interfaces so that the wider cybersecurity architecture can manage credentials, certificates and secure update workflows without full access to the root keys.

Watchdog and fault-management circuits complete the subsystem. Internal watchdog timers supervise the main firmware, while external supervisors monitor voltage rails, clock health and a hardware heartbeat. Window watchdogs detect both stalled and runaway software. Reset causes are logged in non-volatile storage so that cold starts, controlled warm restarts, brown-outs and watchdog events can be distinguished. Clear fail-safe modes ensure that, when unrecoverable faults occur, the IED moves to a defined safe state while leaving protection and interlocking responsibilities in a predictable condition for the wider grid.

Processing, memory and security subsystem in a substation IED Block diagram showing the main IED SoC or CPU, DDR and non-volatile memory, a hardware security module or secure element, secure boot chain, internal and external watchdogs and fault-logging paths that support reliable and secure substation IED operation. Processing, memory and security subsystem Substation IED SoC / CPU IEC 61850 stack, protection and logging ARM MPU / MCU FPGA or FPGA SoC Memory subsystem DDR / RAM with ECC Boot flash ROM-validated eMMC / NAND for logs and firmware packages Security subsystem HSM / SE keys and crypto Secure storage Secure boot, TLS offload, GOOSE / SV authentication Watchdog and fault management Internal watchdog and window watchdog External supervisors and reset control Fault logging and cold / warm restart paths Secure boot chain and firmware images ROM boot code → authenticated bootloader → signed firmware Dual-image and rollback support for safe updates Platform decisions for long-lived substation IEDs CPU class, memory and storage sizing, secure boot, HSM integration and watchdog design shape the reliability and security posture of an IEC 61850 substation IED.

Power tree, redundancy & ruggedness

The power tree of a substation IED must support redundant supply options, predictable start-up and restart behaviour and stable operation through surge, dip and electromagnetic disturbances. Typical topologies combine two independent DC feeds, a DC feed and a battery backup rail or combinations of local DC and PoE. Input protection, Or-ing control and surge limiting devices prevent faults on one source from propagating into the rest of the IED or into the other source.

Redundant DC inputs usually pass through separate fuses or eFuses, current-limited stages and surge protectors before meeting at an ideal-diode or active Or-ing controller. This protected bus then feeds one or more DC/DC stages and PMICs that generate core, DDR, I/O and PHY or switch rails. In some layouts, a battery or supercapacitor-backed rail supplies selected domains during short interruptions, giving the IED enough time to save logs and perform a controlled shutdown instead of dropping power abruptly under stress.

The PMIC and downstream regulators implement the rail structure, sequencing and supervision needed for modern SoCs. Core rails, DDR rails, I/O rails, Ethernet-device rails and auxiliary rails are often separated so that faults can be contained and sensitive domains are not over-stressed. Power-up sequencing ensures that voltage levels rise and fall in a safe order, while brown-out detection and voltage supervisors provide early warning of sagging supplies and assert reset before digital logic enters undefined regions. These supervision signals connect directly to the watchdog and reset-management logic described in the processing subsystem.

Ruggedness is validated against standards such as IEC 61000-4-x. The power tree must ride through electrostatic discharge, conducted and radiated disturbances, surges and voltage dips without uncontrolled resets or latch-up. Device selection and layout should support industrial temperature ranges, conformal coating where required and long-life capacitors that can survive elevated ambient temperatures over the expected service period. Detailed surge-arrestor combinations, SPD stages and TVS or GDT selection are covered in the EMI and surge protection topic; here the focus is on ensuring that the IED power architecture exposes the right hooks to remain stable and predictable in harsh grid environments.

Power tree, redundancy and ruggedness of a substation IED Block diagram showing dual DC inputs and optional battery, protection and Or-ing stages, PMIC and DC or DC rails for core, DDR, IO and Ethernet, supervisors and brown-out detection, and an environment and reliability block summarising EMC and temperature considerations. Power tree, redundancy and ruggedness DC input 1 from station supply DC input 2 redundant source Battery or PoE input backup or auxiliary rail Input protection and Or-ing eFuse, surge limiter, ideal diode / active Or-ing controller Protected DC bus PMIC and DC/DC rail generators Sequencing, efficiency and fault reporting for multiple rails Core rail DDR rail IO and auxiliary rails Ethernet PHY and switch rails Supervisors and brown-out detection Rail monitoring, reset thresholds and start-up sequencing Early warning of dips and controlled restart behaviour Environment and reliability IEC 61000-4-x EMC and surge performance Industrial temperature, coating and capacitor lifetime Power architecture as a foundation for reliable IED behaviour Redundant inputs, protected DC buses, PMIC-managed rails and supervision circuits keep the substation IED stable through surges, dips and harsh environmental conditions.

I/O, time sync & process interfaces

The way a substation IED connects to process signals and time sources determines how well it can align events, coordinate with protection devices and integrate legacy equipment. Time synchronisation is usually anchored by PTP over Ethernet, which relies on hardware timestamp support in the MAC or PHY and on stable reference clocks. Additional options such as GNSS, IRIG-B and pulse-per-second inputs and outputs extend the time architecture and should be considered when defining board-level connectors, isolation and routing.

Board-level time interfaces typically include one or more Ethernet ports that participate in PTP time synchronisation, plus optional headers or connectors for GNSS receivers and IRIG-B channels. GNSS modules or external receivers contribute serial NMEA data and a 1PPS signal that must reach timer-capable pins with controlled jitter. IRIG-B inputs and outputs pass through filtering and galvanic isolation before entering FPGA or SoC timer blocks, and dedicated PPS distribution outputs can fan out an internal time base to other bay-level devices without exposing the IED core directly to external noise and surge events.

On the process side, the IED terminates digital inputs and outputs, breaker control signals on the low-voltage side and legacy serial or fieldbus interfaces. Discrete inputs from auxiliary contacts or position switches arrive through digital isolators or optocouplers that provide creepage, surge robustness and common-mode transient immunity. Digital outputs and low-voltage breaker drive signals use high-side or low-side switch ICs, often with built-in diagnostics, while high-energy trip coils and high-voltage paths remain the responsibility of protection relay hardware and are not part of the IED board-level design discussed here.

Legacy relays and RTUs are commonly attached through RS-485 or RS-232 links. Industrial-grade transceivers, sometimes combined with digital isolators or integrated isolated drivers, provide the physical layer for these channels and must meet ESD, surge and temperature requirements. From an IC perspective, the I/O and time-sync domain is built around families of digital isolators or optocouplers, serial transceivers, low-voltage drivers and optional GNSS or time-sync companion devices that feed precise time and process information into the main IED logic domain.

I/O and time synchronisation interfaces around a substation IED Block diagram showing an IED logic core connected to process I or O with isolators and drivers, legacy serial interfaces with RS-485 or RS-232 transceivers, and time synchronisation interfaces including PTP over Ethernet, GNSS, IRIG-B and PPS signals. I/O and time synchronisation interfaces IED logic domain / SoC IEC 61850 application and control logic Process I/O zone Digital inputs with isolation Digital outputs and breaker drive Legacy serial / fieldbus RS-485 / RS-232 to relays and RTUs To bay-level auxiliary contacts and control wiring Digital isolators Low-voltage drivers Time synchronisation zone PTP over Ethernet hardware timestamps GNSS receiver NMEA + 1PPS IRIG-B in / out isolated, filtered PPS distribution to local devices Key IC families for I/O and timing Digital isolators and optocouplers RS-485 / RS-232 transceivers and drivers GNSS and time-sync companion devices Interfaces that anchor the IED to process signals and time Time-sync connectors, isolated digital I/O and industrial serial interfaces must be planned early so that the substation IED can align events, drive breakers and integrate legacy devices.

Design traps & checklists

A substation IED that looks correct at block-diagram level can still fail type tests or field trials because of subtle performance, hardware or maintenance pitfalls. This section collects common traps encountered during IEC 61850 performance testing, network integration and long-term operation, and turns them into concrete checklist items that can be used before freezing hardware and before sending devices to certification laboratories.

Performance and protocol traps include overload scenarios where GOOSE and Sampled Values traffic pushes CPU usage, buffers and latency beyond acceptable limits, as well as conformance failures caused by time-synchronisation drift or abnormal restart behaviour. Hardware traps are often linked to Ethernet layout, redundant power switching and watchdog configuration. Maintenance and lifecycle traps show up later, when firmware upgrade chains, logging strategies and timestamp handling are exercised over many years of service.

Performance & protocol traps

  • Has GOOSE and Sampled Values traffic been tested at worst-case rates with all configured clients active, and is there still comfortable CPU and buffer headroom?
  • Are latency and jitter measured as a full budget from event detection or sampling to frame emission, including peak values such as P99 or higher, instead of only average delays?
  • Do PTP or other time sources maintain accuracy and stability across cold starts, load changes and temperature drifts without violating IEC 61850 timing expectations?
  • Has the protocol stack been exercised with malformed and stress-test traffic to ensure that no single packet pattern can crash or deadlock the IED?
  • Do integration and pre-certification tests closely mirror the scenarios used by IEC 61850 laboratories, including restart, failover and time-sync disturbance cases?

Hardware traps

  • Are RGMII or SGMII links between SoC and PHY or TSN switch routed with controlled impedance, length matching and reference planes that meet vendor guidelines and maintain PTP accuracy?
  • Has the redundant power input system been tested for fast source loss and switchover, with scope captures that show core and DDR rails staying within safe ranges?
  • Do supervisors and brown-out thresholds assert reset early enough to prevent undefined behaviour when input voltage momentarily sags or oscillates during surge and dip tests?
  • Is there any software path that can leave the application stuck while still feeding the watchdog, and have window watchdog parameters been tuned to avoid false positives?
  • Are critical temperature, EMC and surge ratings of connectors, transceivers and power components aligned with the station environment rather than only typical lab conditions?

Maintenance & lifecycle traps

  • Does the firmware upgrade mechanism use an A/B image or equivalent scheme so that power loss during update cannot leave the device without a bootable and verifiable image?
  • Are firmware images authenticated by the secure boot chain, and are rollback rules defined so that failed updates do not compromise security or availability?
  • Is the event-logging format designed to distribute writes across the available non-volatile memory, avoiding premature wear-out of a small flash region?
  • Are log retention periods, log size and export mechanisms planned such that disturbance records, security events and sequence-of-events traces remain available for audits?
  • Does the design handle transitions between PTP, GNSS and local RTC without silent timestamp jumps, and are time-source quality and alarms recorded in the event log?
Design traps and checklist areas for a substation IED Diagram showing three groups of traps for a substation IED: performance and protocol traps, hardware traps, and maintenance and lifecycle traps, each with example items that engineers can check during design reviews. Design traps and review checklist Performance & protocol traps • GOOSE / SV CPU and buffer headroom • Worst-case latency and jitter budget • Time-sync drift under stress and temperature • Behaviour with malformed and stress-test traffic • Alignment with IEC 61850 lab scenarios Hardware traps • RGMII / SGMII layout and clock integrity • Redundant power switchover transients • Brown-out thresholds and reset behaviour • Watchdog coverage and window timing • Component ratings for EMC and surge tests Maintenance & lifecycle traps • Safe firmware update and rollback chain • Secure boot enforcement during upgrades • Flash wear-out from event logging patterns • Log retention and export for audits • Timestamp continuity and time-source quality IED review checklist Turning lab failures into design-time checklist items Grouping traps into performance, hardware and lifecycle domains helps engineering teams review substation IED designs before prototypes reach certification labs or long-term field trials.

IC mapping & vendor-neutral roles

The hardware blocks of a substation IED can be described as a set of vendor-neutral IC roles. This makes it easier to compare different suppliers, prepare bill-of-material variants and keep the IEC 61850 station-bus, security and power architectures stable across product generations. The table below groups these roles by function, lists the IC families typically used and highlights the key parameters that drive selection.

Each function block can be implemented by multiple vendors. The example part numbers under “Example IC families” are indicative only and are intended to show the typical device classes used in this role. Detailed comparisons and brand-specific shortlists can then be developed on separate pages without changing the high-level mapping shown here.

Cross-links in the “Notes / cross-links” column point to sibling topics that cover network topologies, cybersecurity architectures, high-voltage isolation and surge protection, so that this page can stay focused on device roles rather than complete schematic details.

Function block Typical IC type Key parameters to compare Example IC families & notes / cross-links
Station-bus Ethernet GbE PHY or managed switch with TSN / HSR / PRP support Port count, integrated switch functions, PTP hardware timestamp support and resolution, industrial temperature range, EMC robustness, supply rails and power dissipation. Example families: KSZ9477 / KSZ9563 (Microchip), DP83869 / DP83826E (TI), ADIN1300 (ADI). See Industrial Ethernet & TSN topic for network topology, TSN profiles and HSR / PRP redundancy planning.
CPU / SoC ARM MPU / application processor, industrial SoC, FPGA SoC, high-end MCU plus FPGA Core architecture and frequency, number of cores, DDR interface and ECC support, integrated Ethernet MACs or switches, crypto engines, industrial temperature range and longevity commitments versus IEC 61850 data model and redundancy strategy. Example families: i.MX 6 / 8M (NXP), AM64x / AM57x (TI), STM32MP1 (ST), Zynq-7000 / Zynq UltraScale+ (AMD/Xilinx), Cyclone V SoC (Intel). Map performance class to the targeted IEC 61850 service set and local HMI needs.
Security / HSM Secure element, TPM, on-chip HSM or security MCU Secure boot integration, key and certificate storage capacity, AES / ECC / hash acceleration, TRNG quality, tamper detection features, industrial operating range and long-term availability. Example families: ATECC608A (Microchip), OPTIGA Trust M / TPM SLB97xx (Infineon), STSAFE-A / STSAFE-TPM (ST), CAAM / HSM options inside i.MX and RZ/N SoCs. See Grid Cybersecurity Module topic for key lifecycle and secure update architectures.
Power tree & supervision PMIC, DC/DC converter, ideal-diode / Or-ing controller, eFuse, supervisor, watchdog Input voltage range and surge tolerance, number of regulated rails and sequencing capability, efficiency and thermal margin, brown-out thresholds, reset timing, watchdog options and status reporting towards the CPU domain. Example families: PF8xxx (NXP), TPS65218 / TPS65261 / LM5143 + LM5050 / TPS242x eFuse (TI), LTC337x / LTC4357 (ADI), ISL9xxx / RAA PMICs (Renesas). Surge arrestor and SPD combinations are detailed in the EMI / Surge / Lightning Protection topic.
Isolation & low-voltage I/O Digital isolators, optocouplers, RS-485 / RS-232 transceivers, DI / DO drivers Isolation voltage and creepage, CMTI, propagation delay, bus ESD and surge ratings, driver current capability and diagnostic feedback for digital outputs and breaker control lines on the low-voltage side. Example families: ISO77xx / ISO78xx (TI), ADuM13xx / ADuM14xx (ADI), ACPL-xxxx optocouplers (Broadcom), SN65HVD / ISO35x RS-485 (TI), MAX14840 / MAX3443 (Maxim/ADI), VNQ / VND high-side switches (ST), PROFET drivers (Infineon). High-voltage measurement chains are covered in Protection Relay and HV Isolation & Sensing topics.
Time synchronisation interfaces PTP-capable MAC / PHY, GNSS receiver, IRIG-B front-end, clock generator / PLL PTP timestamp accuracy and jitter, GNSS sensitivity and 1PPS characteristics, IRIG-B encoding support and isolation requirements, clock source type (TCXO / OCXO) and fan-out capability to time-sensitive domains. Example families: LAN88xx / VSC85xx with PTP (Microchip / Microsemi), AD9545 / AD95xx clock generators (ADI), Teseo GNSS modules (ST), u-blox NEO / LEA / ZED GNSS modules. System-level time architectures are discussed in Timing & Synchrophasor and Substation Time Sync topics.
Logging & storage NOR flash, eMMC, SD / NAND, FRAM or MRAM for event logs and configuration Endurance and write-erase cycle limits, density and interface type, data retention at temperature, built-in wear-leveling or health reporting, ability to support dual images and rollback for firmware updates. Example families: W25Q NOR flash (Winbond), eMMC devices from Micron / Kioxia / Samsung, FMxx FRAM (Infineon/Cypress), MRAM options from Everspin and NXP. Sizing should reflect IEC 61850 data model, event-logging policy and upgrade strategy.
Auxiliary monitoring Temperature sensors, voltage and current monitors, housekeeping ADCs, power-good monitors Measurement accuracy over temperature, number of monitored channels, alert thresholds and interrupt behaviour, integration with system log for lifetime and diagnostic information. Example families: TMP10x / LM75 (TI), ADT75 / ADT7420 (ADI), integrated monitoring channels in many PMICs and supervisor ICs. These devices feed into the event-log and maintenance views defined in the design checklist.

Request a Quote

Accepted Formats

pdf, csv, xls, xlsx, zip

Attachment

Drag & drop files here or use the button below.

FAQs about substation IED hardware and IEC 61850 design

These twelve questions capture the main hardware and system decisions you face when planning a substation IED with IEC 61850. Each answer focuses on practical selection criteria and cross-links to the relevant sections of this page and related topics when deeper detail is needed.

When should a dedicated substation IED be used instead of embedding IEC 61850 directly into each relay?

Using a dedicated substation IED instead of embedding IEC 61850 in every relay makes sense when the station has many bays, complex data models, or demanding SCADA integration. A central IED simplifies modelling, supervision and upgrades, while relays can focus on protection logic and high-voltage interfaces instead of running full communication stacks.

How much CPU and memory budget is typically required for MMS, GOOSE and Sampled Values in a medium-size substation IED?

CPU and memory sizing depends on the number of logical nodes, report and log control blocks, and how many clients subscribe to GOOSE and Sampled Values. A practical approach is to design for peak traffic and at least 30-50 percent CPU headroom, plus generous RAM for buffers, logging and future firmware features.

Does a substation IED need PRP/HSR and TSN at the same time on its Ethernet ports?

PRP or HSR and TSN solve different problems. PRP and HSR give path and link redundancy, while TSN provides deterministic timing and scheduling. Your IED may only need PRP or HSR on certain ports today, but choosing Ethernet silicon that can later enable TSN features avoids redesign when the station network evolves.

How tight does PTP or overall time synchronisation accuracy need to be for typical bay-level IED applications?

Time accuracy needs depend on the application. For simple status reporting and basic GOOSE coordination, sub-millisecond accuracy is usually sufficient. When Sampled Values feed protection or measurement functions, microsecond-level sync is safer. If synchrophasor or PMU features are planned, the IED should follow the tighter timing guidance from dedicated time synchronisation topics.

What are the hardware-related pitfalls that most often cause IEC 61850 type tests or certification to fail for an IED?

IEC 61850 certification often fails because of weak timing and restart behaviour under stress. Typical pitfalls include PTP drift when temperature or load changes, Ethernet links that drop frames during EMC tests, and watchdog schemes that leave the CPU running in undefined conditions. Layout and power failover glitches can also break conformance tests.

How should secure boot and firmware update be architected for a substation IED?

Secure boot and firmware updates work best as a closed chain anchored in hardware. A root of trust validates a first-stage bootloader, which then checks signed firmware images before execution. Dual image or A/B schemes, plus carefully designed rollback rules, protect your IED against both power interruptions and corrupted or malicious updates.

What level of power input and rail redundancy is appropriate for a substation IED that is expected never to go down?

Power redundancy should reflect how critical the IED is to station operation. High-availability designs often use dual DC inputs, ideal-diode or eFuse OR-ing, and separate rails for core, I/O and Ethernet. Supervisors, brown-out detectors and watchdog logic must guarantee a clean reset path instead of letting processors run in marginal voltage regions.

How should isolation be planned between Ethernet, process I/O and auxiliary interfaces in a substation IED?

Isolation planning starts by grouping station-bus Ethernet, process I/O and service interfaces into clear domains. Each domain uses digital isolators, isolated transceivers or dedicated interface modules to meet insulation and CMTI requirements. Process signals and auxiliary ports can then be protected against surge and noise without compromising the timing or integrity of the core logic.

What is a practical way to log events and faults in an IED without wearing out the flash memory?

To avoid wearing out flash, event logging should use append-only or ring-buffer structures rather than repeatedly rewriting the same small sector. Wear-levelling in eMMC or NAND needs realistic estimates of event rates. High-frequency counters and diagnostic flags can move to FRAM or MRAM so that only summarised data reaches slower, limited-endurance storage.

How can a new IEC 61850 substation IED coexist cleanly with existing non-TSN and non-61850 equipment in the same station?

A new IEC 61850 IED can coexist with legacy equipment by offering a clean separation between modern station-bus interfaces and gateways to older protocols. Dedicated Ethernet ports, serial channels or a companion SCADA gateway can bridge Modbus, IEC 60870-5-104 or DNP3. Clear network segmentation keeps TSN or PRP domains from being polluted by legacy traffic.

When is it worth using an external HSM or secure element instead of relying only on the SoC’s built-in crypto features?

An external HSM or secure element is valuable when compliance, tamper resistance or fleetwide key management requirements exceed what the SoC alone can provide. Dedicated devices add hardened key storage, audit-ready crypto operations and secure counters. They also make it easier to share a common security architecture across several hardware platforms and product generations.

How can a substation IED design be future-proofed for newer IEC 61850 editions, evolving Ethernet profiles and cybersecurity requirements?

Future-proofing a substation IED design starts with margin. Extra CPU, RAM, storage and Ethernet features allow later IEC 61850 editions, new profiles and stronger cybersecurity measures to be adopted by firmware rather than metal changes. A vendor-neutral IC mapping and modular security architecture also make it easier to refresh components without redesigning the entire platform.

icnavigator

ICNavigator helps engineers find verified ICs, alternatives, and fast quotes.

Explore
Categories
  • Power Management
  • MCU
  • Automotive ICs
  • Sensors
  • Interface & Transceivers
  • Analog Front-End
Get in Touch
  • Email: hello@icnavigator.com
  • WeChat/WhatsApp: +86-xxxx

© 2025 ICNavigator. All rights reserved.