I. Introduction

System security is the main asset and responsibility [1] of a system operator. Even when everything is in a normal state throughout the grid, the operator should always be able to determine whether the state is secure or insecure, in order to take preventive security control action in the latter case [2]. In practice, many factors can move the system out of its security boundaries [3]–[6] following a normal-state contingency, such as post-contingency voltage or frequency violations, transient rotor angle instability, undamped oscillations, excessive temperature rise, etc. To ensure convenient online supervision, stability threats are converted into a single stability limit set on the power transfer across key interfaces of the system, which are computed online using DSA packages and offline based on extensive operational planning studies [7]–[11]. Since the introduction of the security control concept in the early seventies and the advent of SCADA shortly afterwards [2], this task has been done by checking in real-time whether 1) the actual power transfer across critical interfaces is below the online or offline pre-determined transfer limits and 2) the voltages of the backbone grid buses and reactive-power reserve remain within prescribed bounds [5], [6]. An automated access to look-up tables containing these threshold values for each likely topology and system status makes it possible to easily compare SCADA measured quantities against the stored limits, compute the security margin and initiate requests for preemptive corrections when the normal state is deemed insecure [3], [4], [7].