1. Introduction

Microgrids can be defined as small-scale, low, or medium voltage power systems with a decentralized group of electricity sources and loads, which can operate connected to or separated (“islanded”) from the main power network. To ensure a proper control, microgrids often make large use of Information and Communication Technologies (ICT). With the term Smart Microgrids (SM), we refer to microgrids that are based on networked control systems. The control network of smart grids cannot, in general, be considered as an isolated network: the control network is commonly connected to outside to receive remote commands or allow remote maintenance. The used network may include wireless channels, and the grid can be geographically dislocated, making some devices physically reachable and prone to attacks. Moreover, the electrical grid is a critical infrastructure, so it can be the target of attackers with huge technical and economical capacities. For these reasons, cybersecurity is a fundamental issue to improve the resilience of microgrids. Several attacks against critical infrastructures have been pursued in the last few years. One of the most dangerous attacks, which gave further visibility to the cybersecurity risks in the industrial sector, has been Stuxnet [1], followed by other complex worms, such as Duqu and Flame [2]. Specifically, in the electrical sector, a severe attack has been the one against the Ukrainian power grid, which caused approximately 225,000 customers to lose power across various areas [3]. Some papers analyze the risks of attacks against Distributed Energy Resources (DER), which may lead to severe outages ^[4][5][4,5]. Researchers all over the world are making efforts to study microgrids and to build testbeds and demonstration sites. A list of microgrid testbeds has been reported in Reference [6], which also provides a classification by distribution network and geographical area. Still, additional efforts have to be provided in order to implement cyber attacks on real microgrid testbeds.

The process of cybersecurity can be broken down into five sub-problems: Deter, Detect, Delay, Respond, and Recover. To deter deals with discouraging attackers from attempting to gain unauthorized access by implementing measures that are perceived as too difficult to defeat. To detect is a fundamental step of the defense-in-depth paradigm, which tackles the problem of recognizing malicious activities as rapidly as possible before or after the attacker has gained access to the system. Once the attack has been detected, the system should be able to react against the attacker, delaying the activities of the attacker, and allowing to take proper countermeasures to defeat the attack and recover from possible damages.

2. Cybersecurity in Smart Microgrids

Smart Grid is the new paradigm for power systems. Even if there is no unique definition, the European Union Commission Task Force for Smart Grids provides the following one: “A Smart Grid is an electricity network that can cost-efficiently integrate the behavior and actions of all users connected to it—generators, consumers, and those that do both—in order to ensure economically efficient, sustainable power system with low losses and high levels of quality and security of supply and safety. A smart grid employs innovative products and services, together with intelligent monitoring, control, communication, and self-healing technologies”.

It is hard to evaluate the cybersecurity risk of smart grids due to the huge variety of Information and Communication Technologies that can be used to achieve a wide set of tasks. For example, the National Electric Sector Cybersecurity Organization Resource (NESCOR) identifies six scenarios in the power system where main failures related to cybersecurity threats [7] can happen: Advanced Metering Infrastructure, Distributed Energy Resources (DER), Wide Area Monitoring Protection and Control, Electric Transportation, Demand Response, and Distribution Grid Management. Each technology has its own peculiarities impacting differently on the whole power system. Several papers address the issue to survey the main vulnerabilities and threats of the electrical power system: ^[8][9][10][8,9,10]. Reference [5] discusses the architecture of power systems with a high penetration of DER and related cybersecurity issues and summarizes attack scenarios against DER also considering attack prevention, detection, and response measures specifically designed for DER. 

3. Software Defined Networking

Software-Defined Networking (SDN) technology is an approach to network management that enables dynamic, resource-efficient, and programmable network configuration in order to improve network performance and monitoring. SDN centralizes the network intelligence in one network component by decoupling the forwarding process of network packets (data plane) from routing process and control actions (control plane). SDN is a useful solution to improve the performance, safety, and security of different types of networks, including smart grid control systems. OpenFlow is the most popular standard/protocol to exchange messages between control and data planes in SDN ^[11][22].

SDN also has interesting applications for the security of Industrial Control Systems (ICS), especially for incident response. It allows increasing the resiliency of the control system, thanks to the possibility to dynamically re-configure the network after the detection of a fault or of a compromised device, allowing it to operate even in degraded conditions. This is particularly useful for control networks within critical infrastructures, which require extremely high availability. Reference ^[12][25] discusses how SDN and Network Function Virtualization (NFV) technologies can help design automatic incident-response mechanisms for ICS and also describes a prototype to show the feasibility in a scenario that uses Programmable Logic Controllers (PLC) managing a classical tank-filling control system. Reference ^[13][26] studies the applicability of emerging technologies in the area of IP networks, including SDN, NFV, and next generation firewalls, to secure ICS. Reference ^[14][27] proposes an attack detection and localization algorithm and designs an intervention strategy in the networked robot control field. A software-defined security approach to secure field zones in ICS is shown in Reference ^[15][28]: it consists of a hybrid anomaly detection module that inspects anomaly behaviors in network communications and physical process states. It proposes a multi-level security response module that allows isolating any compromised zone.

SDN allows verifying the entire communication network concerning security policies (e.g., access control) and network situations (e.g., loop-freedom and congestion-freedom). SDN allows also directly implementing a Network Intrusion Detection System (NIDS) within the SDN controller, even if such implementation may introduce a latency time that could be incompatible with the allowed latency in a microgrid environment ^[16][30]. The application of the SDN paradigm in microgrids may comprehend both security and control applications, as shown in Figure 1 .

Figure 1. Multi-Layered SDN-enabled Microgrid architecture.

4. Resilient Control Strategies

Both in islanded and grid-connected modes, EMS can periodically send the power setpoints to the generators through the control network by using different protocols. To jeopardize the control of the electrical grid acting in grid-connected mode can cause economic damages or even, in some cases, afflict the stability of the whole grid. In islanded mode, attacking control mechanism is a severe threat to the grid stability.

In inverter-based microgrids, secondary control can be based on communication schemes. In these cases, attacks against the communication infrastructure can have severe consequences on the availability of the whole microgrid. The dynamic of electromagnetic system physics is so fast that the attacks targeting secondary control cannot be recognized in time by an IDS to allow the effective deployment of countermeasures. Moreover, these communication-based schemes are vulnerable to unaddressed cryptography attacks, such as DoS attacks. On the other hand, the control of electrical grids is essential for the service continuity. Resilience is topical in this field.

A cyber-attack resilient control strategy for islanded microgrids is presented in Reference ^[17][46]. The proposed control strategy realizes the detection and isolation of corrupted communication links and controllers in a microgrid whose secondary control is based on a distributed control system. A distributed resilient control strategy for frequency/voltage restoration, fair real power sharing, and state-of-charge balancing in microgrids with multiple Energy Storage Systems in abnormal conditions is presented in Reference ^[18][47]. Reference ^[19][48] studies the impact of various kinds of cyber-attacks, such as false data injection ^[20][49], DoS ^[21][50], and replay attacks ^[22][51], on communication links based on CANBus for secondary control of the distributed generators. Reference ^[19][48] also proposes a mitigation strategy based on a reconfigurable secondary control mechanism. Reference ^[23][52] introduces a control strategy able to mitigate false data injection and DoS attacks, demonstrating the stability by using the Lyapunov theory under different scenarios, with and without false data injection, and DoS attacks. Reference ^[24][53] proposes a distributed optimal frequency control for microgrids resilient against cyber attacks on condition that they are within certain ranges, by introducing an auxiliary networked system interconnecting with the original cooperative control system.

Microgrids can present different DER scenarios, including different types of non-programmable and programmable sources. Non-programmable sources can, anyway, participate to the voltage control by injecting reactive power into the grid. Given the variety of scenarios and the complexity of the interactions of multiple sources participating to frequency control, voltage control, or both, there are still some unaddressed issues in the state of the art to be investigated.