New-energy plants and battery energy-storage stations increasingly depend on software-defined supervision, remote maintenance, and event-driven control, which makes cyber protection inseparable from operational responsiveness. This study presents a calibrated context-aware Security-as-a-Service orchestration framework, denoted SECaaS-CARO, for station-oriented adaptive risk control. The framework separates field assets, control services, security services, and an adaptive decision layer, and it uses a monotone nine-indicator risk score whose weights are calibrated from the training split rather than fixed heuristically. A validation-based threshold search maps that score to low-, medium-, and high-intensity service chains so that protection strength changes with session context instead of remaining static. A reproducible semi-synthetic dataset containing 17,000 station sessions was used to emulate operator login, remote maintenance, gateway misuse, and malicious command scenarios. Across 10 independently resampled 5000-session test streams, SECaaS-CARO achieved an F1 score of 0.973, a blocking success of 0.965, and the highest deployment utility of 1.173 while reducing mean latency to 21.28 ms compared with 27.06 ms for Logistic-Fixed and 28.15 ms for RandomForest-Fixed. The results indicate that an interpretable calibrated service-orchestration policy can preserve near-supervised detection quality while materially improving deployment-oriented efficiency for new-energy and energy-storage stations.
Xiong et al. (Fri,) studied this question.