With the inclusion of communication networks and smart metering devices, the attack surface has increased in microgrids, making them vulnerable to various cyber-attacks. The negative impact of such attacks may render the microgrids out-of-service, and the attacks may propagate throughout the network due to the absence of efficient mitigation approaches. AI-based techniques are being employed to tackle such data-driven cyber-attacks due to their exceptional pattern recognition and learning capabilities. AI-based methods for cyber-attack detection and mitigation that address the cyber-attacks in microgrids are summarized.
1. Introduction
A microgrid is a group of interconnected loads and distributed energy resources (DERs) that supply power to local customers and can operate in either islanded or grid-connected mode. Microgrids are being leveraged to achieve economic operation, sustainable energy, and resilient power provision objectives
[1][2][3][4]. The microgrid’s controller orchestrates multiple DERs and controllable loads to provide clean and reliable energy at economical prices. As shown in
Figure 1, a typical hierarchical control architecture consists of three layers that operate at varying time scales to achieve the control objectives
[5]. The secondary control layer is vital to maintain voltage and frequency at nominal values in islanded operating mode and, in contrast to centralized control, the distributed secondary control offers flexible, reliable, and seamless integration of DERs
[6][7][8].
Figure 1. The hierarchical control structure operates at three levels to meet the microgrid’s operator objectives.
Modern microgrids have transformed into cyber-physical systems where physical assets such as DERs, loads, and power electronics devices make the physical layer and the cyber layer constitutes a communication network and software-based controllers
[9]. As a result of their reliance on the Internet of Things (IoT) and newly developed wide-area sensor networks, microgrids are particularly vulnerable to cyber-attacks and network outages. Examples of real-world network failures include North America (2003), which experienced a problem with the status estimator and alarm system, Austria (2013), which experienced network congestion as a result of a software defect, and Switzerland (2005), which experienced information overload. Due to a cyber-attack brought on by malware known as BlackEnergy in control center computers, Ukraine’s power infrastructure failed in December 2015, knocking out thousands of homes and facilities. A significant percentage of consumers would lose power due to such malfunctions and cyber-attacks, and very sensitive and mission-critical equipment may suffer serious harm
[10][11][12][13][14][15].
Table 1 summarizes the actual reported cyber-attacks on the energy industry
[16][17][18]. After examining reported cyber-attacks on the energy sector, a typical cyber-attack chain is found to be initiated by gaining initial access through spear phishing. After gaining an initial foothold, adversaries perform a reconnaissance of the network data to spread out and exfiltrate critical information. Once suspicious logins are established, the attackers manipulate the control and safety systems by dispatching malicious commands and locking out the operators from their machines
[19]. The extensive communication network-based cyber layer has resulted in an increased attack surface in microgrids, making them vulnerable to cyber-attacks
[20]. As shown in
Figure 2, such cyber-attacks may target information sharing among the microgrid’s controller and various intelligent electronic devices (IEDs) by either manipulating the measurements or causing communication delays
[21][22]. Attackers with malicious intent can disrupt the transfer of information, resulting in power outages, financial loss, and system instability. With the development of smart grids and the growing interconnection of communication networks, significant cyber-security risks are affecting power grids
[23][24]. With the inclusion of cutting-edge communication and computing tools, the current electricity networks are evolving into smarter systems with increased efficiency. However, because there are so many intelligent devices connected via communication networks, it has led to significant concerns about cyber security. A modern power system’s ability to operate reliably and securely is directly impacted by cyber-attacks on such devices. Man-in-the-middle, distributed denial of service, jamming, and false data injection are some of the main types of cyber-attacks that target smart grids
[25][26][27].
Figure 2. A network of microgrids’ architecture with potential cyber-attack targets is shown. Microgrids connect with the main electrical utility at the point of common coupling (PCC). The converters are controlled locally in the physical layers using the primary level control. The distributed secondary-level control implements the control objective that is received from the tertiary-level controller. IED sensor measurements and communications are susceptible to false data injection (FDI) attacks, while denial of service (DoS) attacks could target the control signals being delivered to the actuators.
Table 1. A summary of major cyber-attacks against the energy industry is provided.
Location |
Target |
Type |
Impact |
North America (2003) |
Network failures in control room operating system |
Denial of service |
Blackout across multiple regions |
Korea Hydro and Nuclear Power (2014) |
Unauthorized access to critical information |
Potential loss of confidential information and designs |
Compromised security and safety of plant and personnel |
Ukraine (2015) |
BackEnergy malware in control room computers |
Denial of service, False data injection |
Blackout across multiple substations |
Kyiv (2016) |
Industroyer malware targeting industrial control systems |
Denial of service, Issuing false control commands |
Power outage to at least one-fifth of Kyiv |
Middle East petrochemical plant (2017) |
Safety system of the plant |
Potential denial of services and life loss |
Plant shut down |
IoT networks and devices are rapidly evolving, producing massive volumes of data that require rigorous authentication and security. One of the most promising approaches for addressing cybersecurity risks and providing security is artificial intelligence (AI). AI technology appears to be a potential way to improve control, security, and performance in smart grid networks
[28][29]. AI-based algorithms are being used in microgrids for a range of applications including intelligent control designs, forecasting, and cyber-attack identification and mitigation
[30][31][32][33]. Data-driven methods are being used to predict the availability of renewable resources. The seasonal dependency of solar and wind along with load demand is forecast using various ensemble learning methods. This information helps in power system planning and unit commitment decisions
[34][35]. Power system operations can experience interruptions due to power system faults and cyber-attacks. Under such scenarios, the restoration time depends upon the nature and location of a cyber-attack. Modern distributed power systems are equipped with communication layers that accelerate the propagation of such attacks. The AI-based learning algorithms can localize and identify the type of such attack. This helps to reduce the restoration time of compromised systems
[36][37][38][39][40][41]. The power grid resilience can be estimated by the frequency and duration of power outage events. The availability of active and reactive power from each generating unit can be adversely affected if control and communication infrastructure are compromised. AI-based resilient control architectures can improve the reliability of the power network. The learning capabilities of artificial neural networks can mitigate the effects of cyber-attacks
[42][43][44][45][46].
Microgrids need to be robust and dependable to deliver a continuous and uninterrupted power supply. Communication networks are necessary for microgrids to coordinate and manage DERs. Microgrids can be efficiently managed by distributed cooperative control strategies, which rely upon real-time monitoring, communication protocols, and interoperability to enable the smooth integration of various microgrid components. Cyberattacks have the potential to compromise security and interrupt regular operations of microgrid control systems. Adversaries might use communication network vulnerabilities to their advantage to intercept or modify the transfer of data. Comprehensive safety precautions need to be taken to stop hostile interference, unauthorized access, and manipulation of control signals. In an ever-evolving environment of cybersecurity threats, regular upgrades, monitoring, and adherence to cybersecurity, best practices are crucial to the optimal operation of microgrids
[47][48][49][50].
The learning capability of AI-based techniques enables them to estimate the parameters of complex systems, making them suitable for microgrid applications. Various types of artificial neural networks (ANNs), such as the adaptive linear neuron, multi-layer perceptron, feed-forward neural network, Elman neural network, radial basis function network, general regression neural network, and deep neural networks, are in use to design resilient control for microgrids to withstand cyber-attacks
[51].
2. Types of Cyber-Attacks in Microgrids
The integrated architecture and related communication networks of microgrids are particularly susceptible to cyber-attacks. The incorporation of intelligent electronic and information-sharing devices and the lack of thorough security standards might leave them vulnerable to malicious cyber-attacks to take advantage of flaws in the system. The potential for smart grid technologies with scalable solutions directly affects the volume of data flow in terms of increased communication and computational needs.
Microgids’ interoperability requires the use of numerous information exchange protocols and communication architectures, which could leave the system prone to cyber-attacks due to insufficient information
[52].
Figure 3 depicts several cyber-attacks targeting the cyber and physical layer in a microgrid.
Figure 3. The potential targets of cyber-attacks include the communication networks in the cyber layer and the intelligent devices in the physical layer of the microgrids.
If this issue is not effectively resolved, the system may become more susceptible to cyber-attacks
[53].
3. AI-Based Cyber-Attack Detection
The presence of communication networks and smart metering devices in microgrids is generating a large data set. These data sets are enabling increased situational awareness of the microgrids and making them vulnerable to cyber-attacks. Therefore, AI-based techniques are being utilized to detect such data-driven attacks due to their exceptional learning and generalization capabilities
[54]. A linear regression-based cyber-attack detection for a distributed control-based islanded DC microgrid is used to detect FDI against voltage and current measurements to maintain a stable control operation
[36]. Through their sensors and communication interactions, DC microgrids are vulnerable to cyber-attacks. False data injection into the cyber layer can interfere with control goals, resulting in voltage instability and unbalanced load-sharing patterns. Detection of such attacks is integral to the stable operation of DC microgrids. Therefore, in
[37][38][39], a deep learning-based detection technique is proposed that takes into account the input features, such as the DC bus voltage and the reference voltage, to forecast the duty cycle of the converter. Apart from FDI, Man-in-the-Middle (MiTM), and denial of service (DoS) type cyber-attacks may also target the communication networks due to the interconnected architecture of smart grids. Therefore, deep learning, Naive Bayes, and Random Forest-based detection techniques are proposed in
[40][41]. These techniques are trained using supervised learning with real-world operational and network traffic data sets, and showed a higher accuracy rate of above 95% to prevent loss of communication and secure the network and metering data obtained from intelligent electronic devices.
By combining predictions from different models, the machine learning technique known as ensemble learning increases prediction accuracy and robustness. The use of the collective intelligence of the ensemble aims to remove any biases or errors that may occur in individual models
[55][56][57]. Therefore, an ensemble learning-based approach using Decision Trees to detect cyber-attacks on bulk electric power transmission networks targeting bid price and quantity signals is proposed in
[58]. This method showed an improved accuracy of 99% to secure the system from attackers to manipulate the system’s reliability and make illegitimate profits by compromising electricity pricing contracts. The manipulation of measurements obtained from substations may lead to incorrect power system state estimations in large connected power networks. An ensemble learning-based technique is developed to detect such attacks that give higher accuracy compared to multiple state-of-the-art machine learning-based algorithms in
[59]. The data obtained from phasor measurement units in wide area power networks is also a target for data spoofing attacks that may lead to incorrect power system state estimation by compromising the measurement source authentication. Therefore, an ensemble empirical mode decomposition using a back propagation neural network is proposed in
[60]. This proposed method is trained using supervised learning with real data from universal grid analyzers from multiple locations and showed improved performance compared to the long short-term memory (LSTM)-based model. Various types of artificial neural networks are being extensively employed for intelligent cyber-attack detection in microgrids. An auto-encoder neural network and a deep learning auto-encoder neural network are used for FDI against load frequency control and voltage sensor measurements in an islanded AC and DC microgrid, respectively
[61][62]. Since the auto-encoder neural network can manage undesired input, such as communication channel disruptions, it is often advantageous for microgrid applications. Also, unsupervised learning is utilized in these auto-encoder-based cyber-attack detection techniques to secure communication networks
[63]. Recurrent neural networks (RNN) such as LSTM, convolutional neural networks (CNN), and nonlinear auto-regressive exogenous model (NARX) neural networks have shown promising results for cyber-attack detection in microgrids
[64][65][66][67][68][69]. RNNs are a subclass of neural networks that are particularly adept at forecasting time-related data sequences. RNNs permit cyclical connections that can map to each output from prior inputs, in contrast to feed-forward neural networks. The case studies demonstrate that deep RNNs outperform traditional and shallow RNNs and gain from the depth of hidden layers in islanded and grid-connected AC microgrids for FDI and DoS type cyber-attack detection on the communication network and phasor measurements
[64][65]. A gated recurrent unit-based neural network and a NARX neural network-based detection techniques against cyber-attacks on current and voltage measurements in an islanded SC microgrid are proposed in
[66][70], respectively.
Apart from Deep and recurrent ANNs, classical machine learning methods are widely being used for classification and cyber-attack detection in microgrids such as Logistic regression (LR), k-nearest neighbors (kNN), Gradient boosting (GBT), Random Forest(RF), multi-layer perceptron (MLP), Naive Bayes (NB), and Support vector machines (SVM)
[71][72][73][74][75][76][77].
4. AI-Based Cyber-Attack Mitigation
With the inclusion of DERs and communication networks, distributed control is becoming popular for integrating renewable resources into the microgrids. The collaborative nature of such distributed cooperative control-based microgrids can easily spread out a simple cyber-attack on a single DER or a communication link to the entire system, resulting in control failure or even making the overall power system unstable
[78][79][80][81]. One solution to mitigate such cyber-attacks and maintain the stable operation of microgrids is to develop a resilient controller
[8][27][78][82][83][84][85][86][87]. AI-based techniques are being utilized to design resilient control schemes in microgrids to mitigate the malicious effects of such attacks
[42][43][44][45][46][88]. Because of its low computing overhead, effectiveness, and simplicity in design and implementation in a distributed control system, adaptive neuro-fuzzy inference systems (ANFISs) are used for cyber-attack mitigation in an islanded DC microgrid in
[42][43]. The proposed framework is based on a residual analysis of the error signal that results from comparing estimated and real detected signals to detect and mitigate the cyber-attack.
NARX ANN is a special class of recurrent neural networks best suited for time series data prediction, input–output modeling of nonlinear dynamical systems, and cyber attack detection in microgrids. Therefore, NARX ANN-based resilient controller is designed to mitigate the cyber-attacks in distributed cooperative control-based AC and DC microgrids in
[44][89], respectively.
The proposed controller is trained using the data obtained by simulating the test microgrid system under varying operating conditions. After optimal selection of NARX ANN parameters during offline training, it is deployed as an estimator to generate the reference for the proportional-integral-based controller in
[89] whereas, it acts as a secondary level controller to replace the conventional PI-based controller in
[44]. Feed-forward ANNs are used to make the existing control resilient in both AC and DC microgrids and showed the improved performance to mitigate the cyber-attacks
[46][71][88][90][91][92]. The proposed technique is based on the reference tracking application for the output DC current of each converter to mitigate the false data. This approach works as a PI-based controller reference tracking application in which the reference is prepared by a Feed-forward ANN that acts as a local estimator for each DER to estimate the output current of the converter. The estimated output from the ANN sets the reference for a PI-based controller whose output is added to the output current of the converter
[46][90][91]. This way, the feed-forward ANN maintains the desired reference value in the secondary control layer when false data are injected into the measurements and communication network of the microgrid to mitigate the impact of cyber-attacks. A similar approach utilizing the feed-forward ANN is proposed for a distributed cooperative control-based AC microgrid and a model predictive control-based DC microgrid in
[71][92], respectively.
Microgrids are becoming more complex with the increased adoption of electric vehicles, and load frequency control has been effectively utilized to maintain frequency under fluctuating load and generation conditions. For such complex microgrids, a Hyper-basis function neural network is employed to mitigate FDI-type attacks on communication networks and measurements. These attacks may lead the microgrid operation to an unstable state due to incorrect state estimation caused by compromised measurements
[45]. In the proposed controller, an intelligent hyper-basis function neural network observer is designed to accurately estimate the state of the microgrids and reconstruct the possible attack signal. Subsequently, a novel hyper-basis ANN-based
𝐻∞ controller is designed to mitigate the negative impact of FDI attacks to maintain the normal operation of the microgrid. In
[93], a multi-agent deep reinforcement learning (RL)-based algorithm is proposed for exposing weaknesses in the current cyber-attack detection techniques and laying the groundwork for more dependable cyber-secure solutions, with a focus on DC microgrids. This technique identifies the weak points in the traditional index-based cyber-attack detection schemes and generates coordinated stealthy destabilizing FDI attacks on cyber-secured islanded DC microgrids. A deep deterministic policy gradient is integrated to give trained RL agents a continuous action space and improve the algorithm’s accuracy and convergence rate. This method identifies a state-of-the-art detection scheme’s sensitivity to a number of coordinated FDI attacks considering the distributed communication delays and load changes.
This entry is adapted from the peer-reviewed paper 10.3390/en16227644