🤖 AI Summary
This work addresses the detection of zero-day cyberattacks in IEC-61850-based digital substations by applying the in-context learning (ICL) capability of large language models (LLMs) to power industrial control system (ICS) security. Methodologically, it proposes a lightweight prompt-engineering framework together with an IEC-61850 communication-traffic modeling mechanism, both built on a Transformer architecture, so that anomaly detection adapts to a new attack from a few-shot or even zero-shot set of examples without fine-tuning the model. The core contribution is removing the dependence of conventional machine-learning detectors on known attack signatures, which is what lets the approach flag previously unseen attacks as they appear. Evaluated on an IEC-61850 dataset, the approach detects zero-day attacks with more than 85% accuracy, where the state-of-the-art baselines evaluated fail, while remaining computationally light enough to be deployable.
📝 Abstract
Cyber attacks on power grids have been increasing every year, and novel attack techniques keep emerging. In this paper, we address the critical challenge of detecting novel (zero-day) attacks in digital substations that employ the IEC-61850 communication protocol. While many heuristic and machine learning (ML)-based methods have been proposed for attack detection in IEC-61850 digital substations, generalization to novel or zero-day attacks remains challenging. We propose an approach that leverages the in-context learning (ICL) capability of the transformer architecture, the fundamental building block of large language models. ICL enables the model to detect a zero-day attack and to learn from a few examples of that attack without explicit retraining. Our experiments on the IEC-61850 dataset demonstrate that the proposed method achieves more than 85% detection accuracy on zero-day attacks while the existing state-of-the-art baselines fail. This work paves the way for building more secure and resilient digital substations of the future.
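The contrast the abstract draws, a detector that must be retrained to learn a new attack class versus one that picks the attack up from a few examples placed in its context, can be made concrete with a small runnable illustration. The following Python is an added example and is not the paper's code, prompt framework, or dataset: the in-context model is a frozen kernel-attention vote (a simplified stand-in for the Transformer ICL the paper uses), the GOOSE-style features, sample records and attack shapes are constructed for the illustration, and the `featurize`, `train_centroids`, `icl_score` and `novelty` names are this example's own.

```python
"""Added illustration (not the paper's code or dataset): a conventionally
trained classifier versus in-context few-shot detection on constructed
IEC-61850 GOOSE-like features. The in-context model is a frozen
kernel/attention vote, a simplified stand-in for transformer ICL.
"""
import math

NORMAL, ATTACK = 0, 1


def featurize(prev, cur):
    """Relative features for message `cur` given the previous message from the
    same publisher: [stNum delta, sqNum delta, inter-arrival s, TATL s].
    (Constructed feature choice, not the paper's traffic model.)"""
    return [
        cur["stNum"] - prev["stNum"],
        cur["sqNum"] - prev["sqNum"],
        (cur["t_ms"] - prev["t_ms"]) / 1000.0,
        cur["tatl_ms"] / 1000.0,
    ]


def sqdist(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))


# --- Constructed traffic ----------------------------------------------------
HEARTBEAT = [0, 1, 1.0, 2.0]        # stNum unchanged, sqNum +1, ~1 s apart
EVENT_FIRST = [1, -7, 0.002, 2.0]   # legitimate state change: sqNum resets
EVENT_BURST = [0, 1, 0.004, 2.0]    # fast retransmission after the change
FLOOD = [0, 1, 0.0001, 2.0]         # known attack in training: message flood

# Zero-day attack absent from training: replay of a stale message, so stNum
# goes backwards. Two few-shot examples plus one unseen query built from raw
# (constructed) message fields via featurize().
REPLAY_SHOTS = [[-3, -4, 1.0, 2.0], [-2, -5, 1.0, 2.0]]
_prev = {"stNum": 12, "sqNum": 6, "t_ms": 50_000, "tatl_ms": 2000}
_cur = {"stNum": 9, "sqNum": 0, "t_ms": 50_980, "tatl_ms": 2000}
REPLAY_QUERY = featurize(_prev, _cur)  # [-3, -6, 0.98, 2.0]

TRAIN = ([(HEARTBEAT, NORMAL)] * 3
         + [(EVENT_FIRST, NORMAL), (EVENT_BURST, NORMAL)]
         + [(FLOOD, ATTACK)] * 3)


# --- Conventional baseline: parameters fixed at training time ---------------
def train_centroids(samples):
    """Per-class centroid classifier. A new attack class only becomes
    detectable by re-running this on relabelled data."""
    sums, counts = {}, {}
    for x, y in samples:
        sums[y] = [s + v for s, v in zip(sums.get(y, [0.0] * len(x)), x)]
        counts[y] = counts.get(y, 0) + 1
    return {y: [s / counts[y] for s in sums[y]] for y in sums}


def centroid_predict(query, centroids):
    return min(centroids, key=lambda y: sqdist(query, centroids[y]))


# --- In-context detector: parameters frozen, only the context changes ------
def icl_score(query, context, tau=0.5):
    """Softmax attention over context examples (by negative squared distance)
    followed by a weighted label vote. No weights are ever updated."""
    logits = [-sqdist(query, x) / tau for x, _ in context]
    m = max(logits)
    weights = [math.exp(l - m) for l in logits]
    return sum(w * y for w, (_, y) in zip(weights, context)) / sum(weights)


def icl_predict(query, context, threshold=0.5):
    return ATTACK if icl_score(query, context) > threshold else NORMAL


def novelty(query, context):
    """Zero-shot variant: squared distance to the nearest NORMAL example in
    the context. Large values mean the query resembles no known-good message."""
    return min(sqdist(query, x) for x, y in context if y == NORMAL)


def demo():
    centroids = train_centroids(TRAIN)
    few_shot_context = TRAIN + [(s, ATTACK) for s in REPLAY_SHOTS]
    return {
        "baseline_on_replay": centroid_predict(REPLAY_QUERY, centroids),
        "icl_no_shots_on_replay": icl_predict(REPLAY_QUERY, TRAIN),
        "icl_two_shots_on_replay": icl_predict(REPLAY_QUERY, few_shot_context),
        "icl_two_shots_on_heartbeat": icl_predict([0, 1, 1.02, 2.0], few_shot_context),
        "novelty_replay": novelty(REPLAY_QUERY, TRAIN),
        "novelty_heartbeat": novelty([0, 1, 1.02, 2.0], TRAIN),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The retrained baseline and the in-context model with an all-known context both miss the replayed message, because in this feature space it sits closest to a legitimate state change; appending two labelled replay examples to the context flips the in-context verdict to ATTACK with no parameter update, while a normal heartbeat is still passed. The `novelty` score shows the zero-shot direction: distance from known-good context alone separates the replay from a heartbeat here, but whether that holds for a given attack depends entirely on the feature space, which is why the traffic-modeling half of the paper's method matters as much as the learning half.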