Uploaded bynilesh405711
56 views

A_Review_of_Cybersecurity_in_Grid-Connected_Power_Electronics_Converters_Vulnerabilities_Countermeasures_and_Testbeds.pdf

This document provides a comprehensive review of cybersecurity issues related to grid-connected power electronics converters (GCPECs), highlighting their vulnerabilities due to increased digitalization and accessibility for malicious attacks. It discusses both cyber and physical vulnerabilities, emphasizes the importance of hardware hardening, and explores countermeasures that align with relevant cybersecurity standards. The article concludes with recommendations for future research aimed at enhancing the cybersecurity of GCPECs in smart grid applications.

Engineering
Related topics:
Research Paper

Embed presentation

Download to read offline
Received 14 September 2023, accepted 7 October 2023, date of publication 12 October 2023, date of current version 18 October 2023. Digital Object Identifier 10.1109/ACCESS.2023.3324177 A Review of Cybersecurity in Grid-Connected Power Electronics Converters: Vulnerabilities, Countermeasures, and Testbeds RUIYUN FU , (Senior Member, IEEE), MARY E. LICHTENWALNER, AND THOMAS J. JOHNSON Department of Electrical and Computer Engineering, Mercer University, Macon, GA 31207, USA Corresponding author: Ruiyun Fu (fu_r@mercer.edu) This work was supported in part by the Mercer University Seed Grants Program. ABSTRACT With the increasing installations of solar energy, electric vehicles, and other distributed energy resources and the deeper developments of digitalization and standardization, cybersecurity became more and more essential and critical in modern power systems. Unfortunately, most prior research work focuses on the cybersecurity of power transmission and distribution networks other than distributed energy devices and their grid-connected power converters. Focusing on the Grid-Connected Power Electronics Converters (GCPECs), this article does a comprehensive review of existing outcomes from selected references, in the aspects of vulnerabilities, countermeasures, and testbeds. By analyzing the GCPEC’s layout and countermeasure can- didates, it is found that the vulnerabilities of GCPECs include both cyber and physical layers that are easily accessible to malicious hackers. These vulnerabilities in the two layers must be considered simultaneously and coordinate well with each other. Especially, hardware hardening is an essential approach to enhance cybersecurity within GCPECs. It is also noticed that the detection and mitigation approaches should consider the complexity of algorithms to be applied and assess the limits of computing and data processing capabilities in GCPECs while evaluating the feasibility of countermeasure candidates to cyberattacks in testbeds. In addition, the countermeasures should meet relevant standards, such as IEEE-1547.1, IEEE-2030.5, IEC- 61850, and IEC-62351, to ensure the interoperability and cybersecurity of GCPEC devices in smart grids. Finally, based on the review and analysis, four recommendations are raised for future research on GCPEC’s cybersecurity and their applications in smart grids. INDEX TERMS Countermeasure, cybersecurity, grid-connected, power converter, power electronics, smart grid, testbed, vulnerability. ACRONYMS AC Alternative Current. ADC Analog-to-Digital Conversion. APT Advanced Persistent Threat. ARP Address Resolution Protocol. AWS Amazon Web Service. BAS Blockchain-Assisted Smart. BMS Battery Management System. CAN Controller Area Network. CPLD Complex Programmable Logic Device. The associate editor coordinating the review of this manuscript and approving it for publication was Yuh-Shyan Hwang . CPPS Cyber-physical Power System. CSIP Common Smart Inverter Profile. CSPR Cybersecure Power Router. DAC Digital-to-Analog Conversion. DC Direct Current. DER Distributed Energy Resources. DSP Digital Signal Processor. E2E End-to-End. EPS Electric Power System. ESS Energy Storage System. FDIA False Data Injection Attack. FL Federated Learning. FPGA Field-Programmable Gate Arrays. FSM Finite State machine. VOLUME 11, 2023 2023 The Authors. This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 License. For more information, see https://creativecommons.org/licenses/by-nc-nd/4.0/ 113543
R. Fu et al.: Review of Cybersecurity in GCPECs: Vulnerabilities, Countermeasures, and Testbeds GCPEC Grid-Connected Power Electronics Converters. GOOSE Generic Object-oriented Substation Event. HIL Hardware-in-the-Loop. HVDC High-voltage Direct Current. IDS Intrusion Detection System. IoT Internet-of-Things. IT Information Technology. LAN Local Area Network. M2C Modular Multilevel Converter. MCU Microcontroller Unit. MITM Man-in-the Middle. ML Machine Learning. MMS Manufacturing Message Specification. MPC Model Predictive Controller. NN Neural Network. OBC Onboard Charging. OT Operating Technology. OTP One-Time Password. PCC Point of Common Coupling. PEDG Power Electronics-Dominated Grid. PQC Quantum Key Distribution. PIC Proportional Integral Controller. PQC Post-Quantum Cryptography. PWM Pulse-Width Modulation. QKD Quantum Key Distribution. RL Reinforcement Learning. ROCOF Rate of Change of Frequency. RT Real Time. SVP System Validation Platform. WBG Wide-Bandgap. µPMU Micro Phasor Measurement Unit. I. INTRODUCTION With the rapid developments of information technology (IT) and smart grids in the past two decades, more and more dis- tributed energy resources (DERs) and energy storage systems (ESSs) are integrating into modern electric power systems. The advanced IT and smart grid techniques bring in many benefits, such as reduced emissions and fuel consumption, easy integration and management of DERs and ESSs, instant feedback of energy production and consumption, seam- less fault diagnose, and more efficient energy management depending on demand. Meanwhile, with the deeper digi- talization and standardization in smart grids, cybersecurity became a critical threat and an essential issue to be solved in electric power systems. A. HISTORY OF CYBERSECURITY IN ELECTRIC POWER SYSTEMS By investigating the history of electric power systems and the applications of digital technology and communication networks nowadays, it was pointed out that the cyberse- curity concern was caused by ‘‘the concept of security by obscurity is compromised’’, due to the negative impact of replacing old-time SCADA systems with modern digitalized communication networks as well as standardizing the names and instructions in modern power systems [1]. In traditional power systems, the communication networks were hardwired with copper wires to coordinate a very limited number of devices for a very specific reason and there was no require- ment for extensive communication/connection to the outside world. Therefore, the ‘‘old-time’’ SCADA systems are physi- cally secured. The only way to hack the system is by sneaking into the substation and implementing a physical connec- tion to the hardwired network to compromise the system. Unfortunately, the application of digital techniques and the standardization of communication networks create accessi- ble cybersecurity vulnerabilities and thus open back doors to hackers in smart grids. Indeed, digital components and devices have replaced analog components and devices sig- nificantly in many applications, to provide better and flexible controllability, easy operation and maintenance, and easy data collection. But it also compromises the physical security of the system and enables easy access to communication net- works, including malicious hackers. Moreover, although the application of the standard IEC-61850 benefits the interoper- ability among various smart-grid power devices in a modern power system, it causes the loss of cybersecurity by obscurity and the easily-identified legitimate models and data objects to hackers at the same time. Therefore, new techniques should be explored to detect and mitigate the cybersecurity vulnera- bilities brought into modern power systems unintentionally. It should be clearly stated that a smart grid is a cyber-physical system and its cybersecurity has physical lim- itations in hardware to apply some encryption algorithms for cybersecurity. Comparatively, for a pure cyber system like the telecommunication system for banking, the cybersecurity is very mature to make sure messages are sent encrypted with- out any malicious modifications to the intended recipients only [1]. In this way, the cybersecurity study in smart grids should always consider the physical limitations in hardware to ensure the proposed countermeasures are executable in practice. As the largest cyber-physical systems in the world, electric power utilities are vulnerable to cyberattacks. The mostly- recent notable cyberattack was the false data injection attack on the power distribution system in Kyiv, Ukraine, on December 23rd, 2015. The control centers of three Ukrainian electricity distribution companies were remotely accessed. Taking control of the facilities’ SCADA systems, malicious actors opened breakers at some 30 distribution substations in the capital city Kyiv and the western Ivano- Frankivsk region, causing more than 200,000 consumers to lose power for a couple of hours [2]. To mitigate the cyber- attack threats, many power companies, national research institutes and agencies, and academic researchers around the world have spent a lot of effort in time and investment on the projects/programs/trails to enhance the cybersecu- rity of smart grids, as some examples listed in Table 9 of [3]. The vulnerabilities of the communication in smart grids were introduced by the standard IEC-62351, which collects 113544 VOLUME 11, 2023
R. Fu et al.: Review of Cybersecurity in GCPECs: Vulnerabilities, Countermeasures, and Testbeds FIGURE 1. Hierarchical cyber-physical structure of smart grids. security mechanisms and how to apply them to time-sensitive networking [4]. B. RISE OF CYBERSECURITY ISSUES IN GRID-CONNECTED POWER ELECTRONICS CONVERTERS As a hierarchical system, the cyber-physical structure of smart grids is indicated in Fig. 1. In the system, the power net- works interface to their relevant communication networks via sensors and control signals in the analog-to-digital conversion (ADC) and digital-to-analog conversion (DAC) approaches. The information on power generation, delivery, and consump- tion is exchanged across the communication networks. With the application of advanced IT and power control techniques, bidirectional power flow can be implemented in smart grids compared to the unidirectional power flow in traditional power systems. Typically, the transmission and distribution networks are managed and maintained by power companies, which are not easily accessible to hackers to launch physical- oriented cyberattacks. But the distributed energy devices (such as the solar power systems, ESSs, and EVs shown in Fig. 1) are managed by individual users (residents, commer- cial owners, etc.) and locate at the user’s facilities, which are relatively easy to be physically accessed and become an ‘‘open door’’ to hackers to launch malicious cyberattacks. So, grid-connected power electronics converters (GCPECs) are very vulnerable to cyberattacks. And the cybersecurity of distributed grid-connected power converters influences the safety and reliability of smart grids directly. Unfortunately, most prior research work focuses on the cybersecurity of power transmission and distribution net- works other than distributed energy devices and their grid-connected power converters. For example, in 2023 paper [5] introduced a Federated Learning (FL)-based smart grid anomaly detection scheme where machine-learning (ML) models are trained in a distributed manner by each smart meter device without requiring to share its local data with a central server. This proposed method demonstrated efficient operation in terms of memory, CPU usage, bandwidth, and power consumption at edge hardware. Targeting the cyberse- curity of power transmission and distribution networks, there were numerous accomplishments presented at professional power system conferences, such as the IEEE Innovative Smart Grid Technologies (IGST) and the IEEE Power and Energy Society General Meeting (PES-GM) hosted by the IEEE Power and Energy Society (PES), and published at the journals of IEEE and IET transactions. Comparatively, there was very limited study on the cybersecurity of GCPEC, especially on the physical layer of GCPEC, up to date. That is the reason there were a couple of workshops and symposia the IEEE Power Electronics Society created in recent years: the CyberPEL in 2019 and 2020, and the Design Methodolo- gies Conference (DMC) in 2021 and 2022 [6]. Also, paper [7] of 2023 studied the cybersecurity of smart inverters and inverter-based systems like microgrids. Therefore, focusing on the cybersecurity characteristics of GCPEC, this article does a comprehensive review of existing outcomes from selected references and raised some recom- mendations to the future work of enhancing the cybersecurity of GCPEC. The main contributions of the work can be sum- marized as follows: 1) This article provides a detailed overview of GCPEC’s layout, structure, and features. Based on these, the cybersecurity vulnerabilities of GCPEC and their impacts on smart grid operations were discussed, which lead to a classification of cybersecurity vulnerabilities depending on their relationships to the interior structure and components of GCPEC; 2) This article performs a comprehensive review of cybersecurity countermeasures, focusing on the ones mostly-relevant to GCPEC and proven effective. Mit- igation approaches against cyberattacks were intro- duced in different aspects: the cyber layer, the physical layer, and the coordination to cybersecurity standards; 3) This article also presents several hardware testbeds for the cybersecurity study of GCPECs. These testbed examples are groundbreaking efforts and can be used by peers as reference to explore and design suitable hardware testbeds to meet their own cybersecurity val- idation needs; 4) This article raises some recommendations as potential directions for future research on cybersecurity vulner- abilities, countermeasures, and testbeds for GCPECs. This paper focuses on the GCPEC’s cybersecurity issues and thus no superfluous statement on the cybersecurity of power transmission and distribution systems is included herein. This paper presents and analyzes the cybersecurity of GCPEC, in the aspects of vulnerabilities, countermeasures, and testbeds. The following sections are organized as fol- lows: Section II introduces the GCPEC and its interactions with distributed energy devices and smart grids briefly, and then reveals its relevant vulnerabilities in cybersecurity; Section III explores the countermeasure ideas and approaches VOLUME 11, 2023 113545
R. Fu et al.: Review of Cybersecurity in GCPECs: Vulnerabilities, Countermeasures, and Testbeds to different cyberattacks and analyzes their performances, as well as their coordination to cybersecurity standards; Section IV demonstrates some testbed examples to validate cybersecurity solutions for GCPEC; and finally, Section V discusses some recommendations for future study, which lead to a conclusion drawn in Section VI. II. VULNERABILITIES OF CYBERSECURITY This section introduces the layout of GCPEC and its interac- tions with distributed energy devices and smart grids. After that, based on the structure and features of GCPEC, the vulnerabilities of GCPEC and their impacts on smart grid operations are reviewed and discussed. A. LAYOUT OF GCPEC Fig. 2 shows the general structure and major components of GCPEC. The GCPEC mainly consists of two sections: one is the ‘‘Power Electronics Conversion’’ to handle the voltage and frequency conversions of electric power between the direct-current (DC) power of distributed energy devices and the tie point of three-phase alternative-current (AC) power of utility grids, i.e., the ‘‘Grid Tie’’ shown in Fig. 2; the other one the ‘‘Communication Module’’ to collect, exchange, and share power information, data, and command with the upstream communication devices in smart grids in real- time. One example is the internet-of-things (IoT) device, which is a collaboration of custom-designed technologies to interconnect internet-enabled physical devices and enable communication with each other through a wireless network. As some existing GCPEC devices invert dc power into ac format in a smart grid and deal with operation monitoring via telecommunications, they are often called ‘‘smart inverters’’ in some literature. FIGURE 2. The layout of GCPEC and its interconnections to distributed energy devices and smart grids. The dc power components within the distributed energy devices include solar panels and battery packs in ESSs and EVs. Due to the energy storage feature of batteries, bidirec- tional power converters should be adopted to support flexible energy storage and delivery to smart grids freely. For solar energy harvesting, there is unidirectional power delivery from solar panels to smart grids through GCPECs. Depending on the voltage level of dc power, the GCPEC can utilize a single-stage power conversion of ‘‘DC-AC’’ or a dual-stage power conversion of ‘‘DC-DC-AC’’ with an additional dc booster. Based on Fig. 2, it is noticed that cyberattacks can be launched against either the power conversion section physi- cally or the communication module in cyber. Therefore, the cybersecurity of GCPEC is not a sole cyber issue anymore and its vulnerabilities in hardware and related hardening approaches should be considered. B. VULNERABILITIES OF GCPEC 1) PRIOR CASES OF VULNERABILITY STUDY Previously, the firmware vulnerabilities in power electronics converters were discussed in [8]. These firmware attacks have the potential to ‘‘disrupt power, damage inverter systems, threaten human health and safety, and harm economic loss’’ [9], [10]. There are three major attack points in the firmware attack surface: 1) vendor access via a regular software update and maintenance network remotely; 2) user access via user remote interface; and 3) user physical access via USB flash drive or local area network (LAN) [9]. Focusing on a battery management system (BMS), paper [11] summarized five common attack points: 1) network vul- nerability, 2) software/firmware vulnerability, 3) data storage vulnerability, 4) on-board interface vulnerability, and 5) hard- ware component security vulnerability. These vulnerabilities include weaknesses in both the physical layer and cyber layer within the battery management system. Also, based on an EV charger, various data integrity attacks on power electronics hardware were analyzed in [12]. According to the comprehensive control scheme for the onboard-charging (OBC) control, there are four major types of cybersecurity threats classified for the OBC system: modi- fication, interference, interruption, and interception [13] [14]. By applying and modeling these cyberattacks in the OBC system, they can be generally classified into control-based attacks and hardware-based attacks. In control-based attacks, cyberattacks can be launched toward the controller area net- work (CAN) communication bus and the side channels of field-programmable gate arrays (FPGA) in the OBC sys- tem. And hardware-based attacks can occur to disable the hardware circuitry of the OBC system, such as the sudden loss of load, grid-side short circuit, sudden loss of the input, etc. These hardware attacks may disable the OBC system permanently and cause personnel to be hurt or even die in practice. Actually, these classified vulnerabilities can be broadly expanded to other communication networks, micro- controllers, and hardware circuitries in power electronics devices [12]. Moreover, as discussed in Section I - ‘‘Introduction’’, the deeper standardization of the smart grid introduced cyber- security vulnerabilities. Paper [15] revealed the possible cyberattacks on smart inverters (SIs) via changing the critical points in their operation modes. As IEC/TR 61850-90-7 [16] defines nine standardized interoperability function modes for distributed energy resources, seven power-related function modes are in charge of SI’s operation, in the aspects of active/reactive power control and frequency control. Dif- ferent from volt-var control in other literature, paper [15] 113546 VOLUME 11, 2023
R. Fu et al.: Review of Cybersecurity in GCPECs: Vulnerabilities, Countermeasures, and Testbeds focuses on the volt-watt management capability in the two standard modes named ‘‘VW51’’ and ‘‘VW52’’. The stan- dard ‘‘VW51’’ curve is designed for the generation to avoid SI causing overvoltage in the system, while the standard ‘‘VW52’’ curve being used for charging against overvoltage in the system. The two standard curves might be compro- mised by a hacker and thus their operating points are badly tampered with. This research in [15] has demonstrated this vulnerability in SI, which can cause disastrous consequences in power systems. In addition, there was research on the cybersecurity related to quantum computing. In 2021, paper [17] firstly introduced the vulnerabilities of quantum security for power infrastruc- tures including distributed energy resources (DERs). As a ground-breaking technology, quantum computing pushes the boundary of cybersecurity. Due to its superfast computing (theoretically, trillion-level faster than a conventional classi- cal computer), quantum computing attacks can break most of the latest cryptography algorithms. As countermeasures, there were two promising quantum-safe technologies: quan- tum key distribution (QKD), and post-quantum cryptography (PQC) evaluated in [17]. The QKD generates a one-time pass- word (OTP) through the quantum channel to continuously provide the secret keys for OTP based on physical laws. The PQC technology requires the computational capability of the DER should be sufficient to meet the requirements of PQC algorithms. Five types of PQC were compared and draw the conclusion that the PQC requires longer latency than the one- PQC algorithm. Therefore, it is expected that PQC can be applied to the DER network with 5G data transmission speed. Based on the analysis, it was recommended that: 1) it will be practical solutions to develop cost-effective quantum devices and a server-based QKD network, say ‘‘apples to apples’’; 2) since QKD does not encrypt data itself, it still requires PQC to achieve quantum-safe security; and 3) when only PQC is adopted for quantum-safe security, the advanced communi- cation network with high transmission speed is required or a light-weight PQC should also be developed. 2) DISCUSSION ON GCPEC’S VULNERABILITIES By reviewing the GCPEC’s vulnerabilities explored in the previous studies, it is noticed that: no matter whether it is a battery management system, an EV charger, a smart inverter for solar panel, or any other type of grid-connected power electronics converter, the interior structures of these GCPEC devices are similar and mainly consists of the main power circuit and auxiliary circuits, the drive circuit and sensors, and the controller that communicates upstream networks. The main power circuit handles the electric power flow through GCPEC, either unidirectional or bidirectional. The configu- ration of the main power circuit is determined by the topology of GCPEC and its power semiconductor devices. The other main component is the controller, which communicates to the upstream commander through communication networks, pro- cesses the control commands and sensor feedback, monitors the GCPEC’s status, and generates signals to control the behavior of power semiconductor devices through the driver circuit. The controller can be carried on various analog and digital electronics controllers, such as digital signal proces- sors (DSPs), FPGAs, microcontroller units (MCUs), etc. The drive circuit enlarges the power level of the control signal to drive the power semiconductor devices in the main power circuit. Both the sensors and driver circuits serve as the interfaces between the main power circuit and the controller. In addition, there are auxiliary circuits to protect the GCPEC devices and personnel of operation and maintenance. FIGURE 3. Classification of cybersecurity vulnerabilities, and their relationships to the interior structure and components of GCPEC. Depending on the vulnerability’s discussion and the anal- ysis of GCPEC’s interior structure, cyberattacks can be launched through cyber layers, such as communication net- work access, the firmware of IoT devices, and data storage ICs, as shown in Fig. 3. Also, the cyberattacks can be physically implemented via sensors, pulse-width modulation (PWM) and driver circuits, and system protective circuits, such as overcurrent/overvoltage protection, thermal protec- tion, etc. Fig. 3 illustrates the classification of these vulner- abilities and their relationships to the interior structure and components of GCPEC. These vulnerabilities are classified into: access attacks, firmware attacks, data storage attacks, PWM signal attacks, and protective circuit attacks. These vulnerabilities can be maliciously attacked by the means of cyber, physical, or both. These vulnerabilities are general cyberattack threats to the GCPEC devices and thus should be all considered and checked during the study of cyberse- curity countermeasures. Considering the unique features of quantum computing, the vulnerabilities of quantum security are excluded from the scope of this article. Based on the discussion above, the cybersecurity vulnerabilities and their relevant interior structure and components in the cyber and physical layers within GCPEC are classified in Table 1. III. COUNTERMEASURES OF CYBERSECURITY This section introduces the countermeasures of cybersecurity for GCPECs in three aspects: 1) the mitigation approaches to deal with the vulnerabilities at the cyber layer, such as the data VOLUME 11, 2023 113547
R. Fu et al.: Review of Cybersecurity in GCPECs: Vulnerabilities, Countermeasures, and Testbeds TABLE 1. List of cybersecurity vulnerabilities in GCPEC devices. storage attack, firmware attack, and network access attack; 2) the mitigation approaches to overcome the vulnerabilities at the physical layer, say ‘‘hardware hardening’’ to GCPEC; and 3) the coordination to the existing and developing stan- dards relevant to the cybersecurity and GCPECs, such as the standards IEC-61850, IEC-62351, IEEE-1547.1, IEEE-1815, and IEEE-2030.5. The GCPECs should meet these standards to guarantee their cybersecurity and interoperability in smart grids. A. MITIGATION METHODS AGAINST CYBERATTACKS There are several methods explored to detect and mitigate cyberattacks for GCPECs, which are based on the techniques of blockchain and watermarking, as well as the PQV-limit model for intrusion detection. This subsection focuses on the mitigation methods for GCPEC’s cybersecurity issues and thus not include any superfluous statement on the mitigation methods for the cybersecurity of power transmission and distribution systems. The reviews of these study cases lead to the recommendation of future research in Section V-A. 1) BLOCKCHAIN TECHNIQUE Blockchain is a system of recording information in a way that makes it difficult or impossible to change, hack, or cheat the system. Blockchain is a shared, immutable ledger that facilitates the process of recording transactions and track- ing assets in a network. In 2020, paper [18] proposed a metering method based on the blockchain network in smart inverters. This method operates similarly to micro phasor measurement units (µPMUs) and is implemented by an IoT device as a local security node. The blockchain network was designed to validate measurement data, generate a metering ledger, manage ID, and store metering ledgers [18]. The proposed blockchain network focused on the utilization of blockchain smart contracts, which are self-executing scripts that execute the terms of contracts triggered by designated events. This method was proven by experimental tests on its improvement to the communication and data security of the IoT-enabled smart inverters. It helps to enhance visibility and situational awareness for advanced grid services. The proposed blockchain-assisted smart (BAS) inverters are cost- effective, which is estimated at only $20∼$100 versus a typical PMU of $2,000∼$5,000. This is an attractive feature to realize cost-effective cybersecurity solutions in GCPECs. Later in 2021, a blockchain-based firmware security check and recovery framework were proposed to mitigate the threats from firmware security attackers [9]. The blockchain proper- ties defined in the framework include: 1) permissioned and private network (membership service); 2) maintaining data integrity-the blockchain normally will not be altered after being committed into the ledger; 3) smart contracts define a set of rules to govern transactions within the network; and 4) distributed ledgers to avoid the point of a single attack. In 2021, a blockchain-based man-in-the middle (MITM) attack detection method was proposed for a PV system [19]. This method utilizes security modules attached to operating technology (OT) devices in a PV system and distributed blockchain network with users or vendors involved to build a cooperative data integrity validation ecosystem. Experimen- tal tests were performed to validate that this method can detect MITM attacks modifying in-transit data by keeping tracing authentication, integrity, and authorization of data, as well as providing security logs of the critical assets [19]. Furthermore, the blockchain technique was applied to enhance the cyber-physical security of BMSs in 2022 [11]. It was pointed out that BMS developers may overlook and neglect potential security-related vulnerabilities for current BMSs and future BMSs in cyber-physical environments. Therefore, the paper [11] firstly investigated this urgent chal- lenge and how to mitigate the cyberattacks on BMSs and introduced the infrastructure and features of the BMS with blockchain technology. It was highlighted that blockchain is a distributed data structure consisting of timestamped blocks and links between the blocks called ‘‘chains’’, and the blocks are inherently resistant to tampering and revision [20]. And a smart contract is an event-driven program that executes the terms of contracts with the state, which run on a replicated, shared blockchain ledger [20]. In this way, the BMS develop- ers can utilize the smart contract to implement an efficient trading workflow between the blockchain network and the physical world, i.e., the BMS in this application. Focusing on the five common attack points of BMSs stud- ied in [11] and described in Section II-B: 1) the network vulnerability, 2) the software/firmware vulnerability, 3) the data storage vulnerability, 4) the on-board interface vulnera- bility, and 5) the hardware component security vulnerability, blockchain technique was used to address all these vulnerabil- ities, respectively. For each common attack point, the relevant blockchain strategy was proposed and discussed for securing BMSs, as listed in Table 2. The paper [11] also compared several blockchain plat- forms and found the Hyperledger-Fabric is the most fea- sible for BMS applications. Besides the excellent features of other blockchain platforms, the Hyperledger-Fabric is a private and permissioned blockchain type, which requires less energy and computation. It has significantly less latency in a blockchain ledger creation without the requirement of transaction fees/coins. It also has the ability of running smart contracts. The paper [11] can serve as a baseline reference for the understanding and design of cybersecurity-related 113548 VOLUME 11, 2023
R. Fu et al.: Review of Cybersecurity in GCPECs: Vulnerabilities, Countermeasures, and Testbeds TABLE 2. Cybersecurity vulnerabilities and their corresponding blockchain strategies (summarized from [11]). issues in BMS. Obviously, the blockchain technique can be expanded and generally applied against the cybersecurity vulnerabilities in GCPECs for smart grid operations. 2) WATERMARKING TECHNIQUE A digital watermark is a kind of marker covertly embedded in a noise-tolerant signal such as audio, video, or image data. It is typically used to identify ownership of the copyright of such signal. ‘‘Watermarking’’ is the process of hiding digital information in a carrier signal; the hidden information should, but does not need to, contain a relation to the carrier signal [34]. Digital watermarks may be used to verify the authentic- ity or integrity of the carrier signal or to show the identity of its owners. It is prominently used for tracing copyright infringements and for banknote authentication. In 2020, paper [35] introduced an active detection scheme based on the dynamic watermarking technique [36], [37] for cyberattacks in grid-tied PV systems. Further, in 2021 the dynamic watermarking technique was applied to detect the problem of attacks on sensor measurements, which forms a ‘‘robust cyber shield’’ named for grid-connected PV inverter system [38]. The tampering behavior on sensor measure- ments, a kind of fault data injection, can be detected to avoid instability in power inverter systems. The dynamic water- marking test equations are derived from the mathematical expression of the inverter control system for cyberattack judg- ment. The matrices ‘‘A’’ and ‘‘B’’ in these test equations are calculated from the system identification methodology [38]. The performance of the proposed robust cyber shield was demonstrated in simulation and experimental tests on a test system of a 5 kW PV inverter connected to a 240 V grid. It was noticed that a nonlinear load of 2.4 kW was included in the test system, to verify the impact of voltage harmonics introduced by the nonlinear load on the proposed detection scheme. The test results demonstrated that the proposed digi- tal watermarking algorithm can almost instantaneously detect tampering on sensor measurements, even if there is a nonlin- ear load in the system. These research activities verified the effectiveness of the watermarking technique in dealing with the false data injection into sensor measurements, as well as serving as potential resistance to general cyberattacks. 3) INTRUSION DETECTION BASED ON PQV LIMITS PQV limits can be used to identify three distinct operation regions of GCPEC: normal, safe, and abnormal. In 2020, an intrusion detection system (IDS) was proposed based on the theory of PQV limits in PV inverters [39]. This method can be used for cybersecurity detection in a distribution net- work with a high penetration of PV inverters, especially on false data injections. The IDS is based on the state-space model of grid-following inverters. Its design relies on the network topology, network inverters’ ratings, and controller specifications. The accuracy of this method is influenced by the impedance (Rgi and Lgi) in the network. Rgi and Lgi are the resistance and inductance seen by the ith distributed inverter from its local point of common coupling (PCC) to the main grid feeder bus terminal [39], respectively. The impedance can be determined by a graph theoretic approach [40] in the application. Based on the derived PQV contours, an IDS block diagram was developed in [39] for proactive intrusion detection. And its effectiveness was verified in the simulation tests of a power electronics-dominated grid (PEDG) with four 30 kVA grid-following inverters. Based on the analysis of the mitigation methods applied to GCPECs, the blockchain technique is based on distributed data structure and has a notable feature of low energy and computation capability from the controller of GCPEC. Com- paratively, the watermarking technique and the intrusion detection are all based on the mathematical modeling of GCPEC systems. The accuracy of the system parameter esti- mation has a direct effect on the effectiveness of cybersecurity mitigation. The mathematical models also require additional data storage space in the controller of GCPEC. This bur- den may block the application of these techniques on some GCPEC devices, which have limited computing and data storage capabilities. In addition, paper [41] introduced a noninvasive anomaly diagnosis mechanism to distinguish cyberattacks and faults in power electronics systems. This mechanism only requires locally-measured voltage and frequency as inputs and can distinguishes anomalies within 5 ms, which is the fastest diagnosis time per the authors’ best knowledge in 2023, com- pared to other existing anomaly diagnosis mechanisms [42], VOLUME 11, 2023 113549
R. Fu et al.: Review of Cybersecurity in GCPECs: Vulnerabilities, Countermeasures, and Testbeds [43], [44]. The scheme of this mechanism was validated on two benchmark distribution systems: CIGRE LV distribution system and IEEE 37-bus distribution systems, using real-time (RT) simulations in OPAL-RT environment with HYPERSIM software and also on a hardware prototype [41]. Recently, some efforts were conducted to exploit vul- nerabilities of established countermeasures of cybersecurity for GCPEC. Paper [45] of 2023 proposed a reinforcement learning (RL)-based method to uncover the deficiencies of existing false data injection attack (FDIA) detectors used for modular multilevel converters (M2C) applications, a promi- nent solution for high-efficient long-distance high-voltage direct current (HVdc) transmission systems. Depending on the defined RL scheme, it is necessary define the following elements to use the RL technique for obtaining the FDIA attacker: 1) the inputs of the actor, which is the neural network (NN) that will define the attack, and the critic, another NN that evaluates the cost; 2) the output of the actor; 3) the reward function that drives the training; 4) the experiment design [45]. The effectiveness of this RL method was verified in HIL studies, which found that the attack sequences depend on the characteristics of the FDIA detector studies, i.e., the more sophisticated the FDIA detectors, the more complex attack sequences will be generated by the proposed RL-method. This method can help to improve the detection effectiveness of the current FDIA detectors available nowadays. B. HARDWARE HARDENING Hardware hardening is an essential approach to physically secure the safety of GCPEC’s operation and interconnected systems. To the best knowledge of the authors, up to date there were two hardware-hardening approaches developed to mitigate cyber threats physically in GCPECs and thus enhance the security of digital controller and driver circuitry, respectively. By studying these two cases, more novel meth- ods and designs of hardware hardening should be developed to strengthen the physical security of GCPEC further as discussed in Section V-B. 1) PARALLEL CONTROL FRAMEWORK In 2022, a parallel control framework was proposed against the impact of cyberattacks on the operation of power convert- ers [46]. The control framework consisted of a digital model predictive controller (MPC) and an analog proportional inte- gral controller (PIC), which were physically connected in parallel. When a cyberattack was detected, the digital MPC was isolated from the control loop and thus the analog PIC handled the control of the power converter. After the cyberat- tack disappeared, the MPC could be reconnected immediately and dominated the control loop again. In paper [46], a pulse width modulation (PWM) merging unit was designed to con- trol and select the PWM signals between MPC and PIC under normal conditions and the compromised conditions caused by cyberattacks. The mathematical model of the proposed paral- lel framework and the digital MPC design were introduced in [46] in detail. Due to the consideration of the PIC in parallel, the MPC design was more complicated than usual. But the added hardware for the parallel framework only included the extra PWM merging unit, a cyberattack detection unit, and some multiplexers, which made it a cost-effective solution to enhance the security of power converters via hardware hardening in practical applications. The proposed parallel framework was verified on a 1-kW buck converter prototype. The digital MPC was designed and coded on TI’s DSP TMS320F28335 [47]. The experimental tests were conducted to compare the performance of MPC and PIC, analyze the influence of parameter mismatching, and verify the effectiveness of the parallel control under cyberattacks, as well as the restoration of the system after the cyberattack disappeared or was removed. The experimen- tal results proved that the proposed parallel controller can provide good steady-state and dynamic performance in the cybersecurity of power converters. 2) SECURITY-ENHANCED DRIVER CIRCUIT In 2020, a new extra digital-logic circuit was proposed in [12] to enhance the security of the driver circuit in an OBC system. This simple circuitry was inserted between the controller and driver ICs to eliminate possible severe dc-link short-circuit failure and thus enhance the reliability of the OBC system. Since paper [12] revealed that this logic circuit can operate properly and safely up to 2 MHz switching in PWM, the new logic circuit can be generally applied to GCPECs with various power semiconductor switching devices, e.g., IGBTs and MOSFETs, including the traditional silicon-based ones and the emerging wide-bandgap (WBG) based and ultra- WBG ones. By studying the two hardware-hardening approaches, it is noticed that each approach provides one protection towards a particular hardware component within GCPEC. The parallel- control framework protects the digital controller and enables its continuous offline operation under cyberattack. And the security-enhanced driver circuit protects the switching logic of the driver circuit in GCPECs. Both hardware-hardening approaches cost-effectively implement their functions. In future, more innovative approaches should be invented to harden the other hardware components as shown in Fig. 3. In addition, in 2021 paper [48] introduced a method inte- grating the concepts of firmware hot-patching, digital twins, and active monitoring to realize an embedded online security into the cybersecurity protection of grid-connected devices. This method focuses on the control and hardware layer and embeds both an online digital twin and hot-patching methodology into the controls of a grid-connected device. The concept of a digital twin was described in [49], and the concept of hot-patching was introduced in [50], [51], [52], and [53]. This method will allow for firmware to be patched and validated from the control layer before it is activated to control the overall system, which adds an additional layer of protection. Paper [48] validated the effectiveness of the 113550 VOLUME 11, 2023
R. Fu et al.: Review of Cybersecurity in GCPECs: Vulnerabilities, Countermeasures, and Testbeds proposed method on an embedded controller architecture consisting of an FPGA and two DSP controllers and various auxiliary components (as shown in the Fig. 2 of [48]). C. COORDINATION WITH CYBERSECURITY STANDARDS All GCPECs in smart grids should coordinate with certain requirements and protocols defined in relevant standards to ensure their interoperability and highly-secured cybersecurity in the system. Two sets of standards are discussed here: 1) IEC-61850 and IEC-62351, which regulate the commu- nication protocols and their cybersecurity countermeasures; and 2) IEEE-1547.1, IEEE-1815, and IEEE-2030.5, which regulate the interoperability of distributed energy resources in smart grids. Below are the descriptions and discussions on these standards, which can be used as references for the coordination study of GCPEC’s integration into smart grids with enhanced cybersecurity. 1) IEC-61850 AND IEC-62351 STANDARDS Standard IEC-61850 is an international standard defining communication protocols for intelligent electronic devices at electrical substations. From substations to grids, IEC-61850 has become the most promising communication standard for the integration and interoperation of power instruments and devices from various vendors in smart grids. To over- come the cybersecurity threats from the IEC-61850 evo- lution, IEC-62351 was developed to mitigate the threats by securing different IEC-61850 messages. The IEC-61850 message structures and the performance of security analysis by using IEC-62351 security mechanisms were conducted in [54]. Accordingly, IEC-62351 was developed for handling the security of the TC-57 series of protocols including the IEC-60870-5 series, IEC-60870-6 series, IEC-61850 series, IEC-61970 series & IEC-61968 series. It establishes a com- plete end-to-end (E2E) security model required for power system communications. Studying the background and security requirements in IEC-61850 power utility automation systems, there are four basic security requirements: confidentiality, integrity, avail- ability, and nonrepudiation [55]. Due to the two main factors of IEC-61850’s popularity: a) easy connection via Ethernet; and b) standardized message structures, it creates undesired cybersecurity vulnerabilities via the communication network of power systems. Paper [56] revealed that false data attacks can be identified by modifying generic object-oriented sub- station events (GOOSE) messages and trip circuit breakers in substations. Paper [57] concluded three types of so-called ‘‘GOOSE poisoning’’, which include high-status number attacks, high-rate flooding attacks, and semantic attacks [58], [59], [60]. And paper [61] demonstrated a Man-In-The- Middle (MITM) attack on the IEC-61850 manufacturing message specification (MMS) messages by the address res- olution protocol (ARP) spoofing. These different types of security attacks and their relevant requirements in IEC-61850 automation systems were summarized in [54]. To mitigate these false data attacks, IEC-62351 provides smart grids E2E cybersecurity measures and solutions. Three security requirements specified by IEC-62351 for different IEC-61850 messages were analyzed in [54]: a) GOOSE and SV messages. The ‘‘SV’’ is shorted for ‘‘sampled val- ues’’; b) R-GOOSE and R-SV messages. The ‘‘R’’ represents ‘‘routable’’. These messages are essentially the same as the first category ones but can be routed to different LANs and WANs, which could extend their operations domain signifi- cantly but also introduce additional cybersecurity vulnerabil- ities; and c) MMS messages used for P2P communications. From the analysis, it was found that the use of the RSA digital signature defined in the IEC-62351-6 standard for securing GOOSE and SV does not meet the timing considerations of IEC-61850 in [54]. It was also highlighted that ‘‘The IEC-61850-90-5 stipulates that for R-GOOSE and R-SV, the information authenticity and integrity are mandatory require- ments, while the confidentiality is left as optional.’’ and ‘‘for the optional confidentiality of R-GOOSE/R-SV messages, IEC-61850-90-5 recommends the use of encryption algo- rithms, such as AES-128 and AES-256 algorithms’’. Also, the packet format and signature algorithms were described for the secure R-GOOSE and R-SV messages in [54]. In addition, for MMS client-server messages, the security issues were analyzed for the transport profile and application profile, respectively. The recommended cryptographic algorithms for the E2E security profile were listed in [54], which can be used as a good reference to understand the cybersecurity vulner- abilities of IEC-61850 messages. It recommended solutions in IEC-62351 to explore cybersecurity solutions for the IEC- 61850-based substations and smart grids, in consideration of timing limitations in practice. Paper [4] introduced vulner- abilities of the communication in smart grids and revealed the security mechanisms collected by IEC-62351 and how to apply them to time-sensitive networking. Moreover, there are a couple of tables and figures that can be used as good references to understand the relationships between IEC-61850 and IEC-62351 standards and different security threats and measures, as listed in Table 3. Paper [62] of 2022 demonstrated a design of smart controller for managing penetration of renewable energy in a smart grid by integrating the IEC-61850 communication layer and physical intelligent electronic devices. 2) IEEE-1547.1, IEEE-1815, AND IEEE-2030.5 STANDARDS Since the introduction of renewable energy resources and distributed power generations, the standard IEEE-1547-2013 was developed in 2013 to define the technical specifica- tions and testing of the interconnection and interoperability between utility electric power systems (EPSs) and dis- tributed energy resources (DERs). In 2018, the standard IEEE-1547-2018 was updated to include standardized inter- operability. Later, in 2020, the standard IEEE-1547.1 doc- umented the step-by-step test procedure for evaluating the interoperability requirements of IEEE-1547-2018. Besides the IEEE-1547 series standards, the Nationally Recognized VOLUME 11, 2023 113551
R. Fu et al.: Review of Cybersecurity in GCPECs: Vulnerabilities, Countermeasures, and Testbeds TABLE 3. A list of table and figure references selected from [4] and [54]. Testing Laboratories (NRTLs) certified DER’s compliance with Underwriters Laboratories (UL) 1741 [63], [64]. The IEEE-2030.5 is a standard for communications between the smart grid and consumers, which uses IoT concepts and gives consumers a variety of means to manage their energy usage and generation. Generally, there are four compliance protocols focusing on the DER’s compliance as described in [63] and listed in Table 4 herein. The UL-1741 supplement A (SA) is a safety test standard to certify products, which meet the require- ments of safety and reliability in operation in support of grid modernization efforts. It validates compliance for grid support utility interactive inverters, i.e., the ‘‘smart inverters’’, functionally. TABLE 4. A list of four compliance protocols on DER’s compliance (summarized from [63]). Paper [63] used four test devices to demonstrate an open-source framework for the evaluation of DER’s interoperability: a) a SunSpec DER Simulator with a SunSpec Modbus interface; b) an EPRI-developed DER simulator with an IEEE-1815 interface; c) a Kitu Systems DER simulator with an IEEE-2030.5 interface; and d) an EPRI IEEE- 2030.5-to-Modbus converter. The Table. 2 and Table. 3 of [63] listed the information of different interoperability tests required and mandated in IEEE-1547.1 for each protocol, including the nameplate data tests, configuration information tests, monitoring information tests, and various management information tests, respectively. The open-source framework is openly available to DER vendors, utility operators, cer- tification laboratories, and research institutions to evaluate and analyze the target DER’s interoperability performance, in the aspects of implementation, communication, testing, interoperation, and cybersecurity. Three information models for IEEE-1547 functionality were used to validate the interoperability of multiple DER simulators: a) 700-series SunSpec Modbus model definitions [76]; b) DNP3 application note [77]; and c) common smart inverter profile (CSIP) [78]. Paper [63] represented the first detailed investigation of these information models using the DER interoperability certification procedure and was the first to demonstrate the IEEE-1547 communication proto- cols [63]. In their experiment work, the system validation platform (SVP) was connected to four DER end-point sim- ulators, which each used an IEEE-1547-mandated protocol: SunSpec DER, IEEE-1815 DER, IEEE-2030.5 DER #1, and IEEE-2030.5 DER #2. It was highlighted that ‘‘the IEEE 1547.1 testing is not a comprehensive interoperability test sequence. It is designed to verify a basic level of function- ality to demonstrate the DER communication interface is connected appropriately to the electrical control and mea- surement capabilities of the DER’’ [63]. Therefore, separate certification programs and activities may need to be con- ducted to fully validate the communication capabilities of DER, depending on the requirements of interoperability in utility grids. Based on the features of simulators, the authors of [63] from Sandia National Laboratories, SunSpec Alliance, and Electric Power Research Institute (EPRI) conducted a series of tests on the prototype DER devices to assess the IEEE- 1547.1 interoperability. These tests included the nameplate data tests, the configuration data tests, the monitoring infor- mation tests, and the management information tests. From the experiment process, a couple of issues were explored with the IEEE-1547.1 test procedure, the information mod- els, pySunSpec2, and the DER simulators running each of the protocols. This information and results are valuable to power companies, utility management and operators, and researchers from academia and institutes to assess the inter- operability performance of their DER products and pro- totypes. The SunSpec SVP Dashboard test platform [79] and relevant tables and figures described in [63] can be used by DER developers and researchers in the labora- tory to configure their own testbeds and plan tests as references. 113552 VOLUME 11, 2023
R. Fu et al.: Review of Cybersecurity in GCPECs: Vulnerabilities, Countermeasures, and Testbeds Based on the state of the art of these standards, the mit- igation methods of GCPECs should be checked to ensure their compatibility with IEEE-1547.1, IEEE-1815, and IEEE- 2030.5 standards for system interoperability. At the same time, the mitigation methods of GCPECs can contribute to the development of IEC-61850 and IEC-62351 for cyberse- curity at GCPEC end, as an addition to the cybersecurity of transmission and distribution networks. IV. TESTBEDS FOR CYBERSECURITY VALIDATION In this section, several hardware testbeds are introduced for the cybersecurity study and experiments of GCPECs applied to DERs, PVs, and EVs. As a ‘‘new-new’’ technology, cases of cybersecurity validation in hardware are rare up to date. Therefore, these hardware testbeds are groundbreaking efforts and can be used by peers as references to explore and design suitable hardware testbeds to meet their own cybersecurity validation needs. A. TESTBED EXAMPLE #1 – ‘‘CSPR PROTOTYPE’’ A power cybersecure power router (CSPR) prototype was introduced in [80], which can route control of the power electronics converters between a primary controller and a sec- ondary controller, as well as a set of lockout signals. The pro- posed cybersecure scheme can avoid unfavorable interrupted operations in power converters, while the firmware of the power converters is being updated. The power-electronics- related cyber threats were summarized in a threat matrix in terms of assets, threats, and mitigation methods. The assets and threats were briefly discussed in the classifications of: 1) network communication, 2) firmware, 3) hardware, and 4) power processing. Many metrics and security fea- tures for these assets require little adaptation for the CSPR prototype [80]. The major components of the CSPR prototype are listed in Table 5. The interconnections of these major components were shown in a block diagram (as the Fig. 2 of [80]). The CSPR prototype was energized by a BK Precision power supply (model 1672) and delivered electric power to a dc load bank of 1.2 k. During experimental tests, the input power of the C prototype varied within [9.0, 25.0] V and up to 0.5 A. In the cyber layer of the CSPR prototype, a heartbeat was generated by each controller coded in the two TI DSPs and then supplied to a hardware-assisted monitor instantiated within the complex programmable logic device (CPLD) [80]. The heartbeat was used to evaluate the firmware integrity at run-time [81]. In addition, some other cyberse- curity mitigation methods were embedded into the CSPR prototype, such as AES-128 encryption, a key management system, and low-level hardware protections. The experiment results verified the enhancement of firmware security dur- ing run-time, booting/upgrading, and malfunction conditions. The CSPR prototype has notable features in control flexibil- ity and independent configuration for firmware security in grid-connected power electronics converters. TABLE 5. A list of major components in CSPR prototype (summarized from [80]). B. TESTBED EXAMPLE #2 – ‘‘PV-SYSTEM TESTBED’’ A PV system testbed with blockchain-assisted enhancement was introduced in [9] and [18]. The physical power layer mainly included PV simulators (i.e., dc power supplies), power inverters, resistive loads, and a blockchain network programmed in a PC. Each power inverter consisted of a 280-watt Texas Instrument (TI)’s solar microinverter [82] and a Lattepanda IoT device [83]. The Lattepanda IoT device acted as a local secure node to carry blockchain code and interfaced with a Piccolo TMS302F28035 DSP controller in the power inverters. In the cyber layer, the proposed blockchain was embedded into the Lattepanda via a software named ‘‘Hyberpedger-Composer’’. This testbed is suitable for laboratory experimental tests for cybersecurity method- ology verifications. Furthermore, paper [11] introduced a cyber-physical bat- tery testbed, which mainly consisted of three IoT-enabled battery modules, a local blockchain network, and an Amazon Web Services (AWS) cloud. A Lattepanda IoT device was connected to a TI’s BMS of model ‘‘bq76920EVM’’, which was used to monitor and manage five Li-ion battery cells. For the cyber layer of the testbed, a local blockchain network was designed and embedded into a PC, which interacted with the IoT devices and BMS. C. TESTBED EXAMPLE #3 – ‘‘DC-DC POWER CONVERTERS FOR HARDWARE HARDENING’’ DC-DC buck converter has a simple topology, a pulse width modulation, a driver circuit for the switching of power semi- conductor devices, and a possible connection to external IoT devices. It has all the necessary hardware components and software access points to serve as a good simple tested with various cyberattack targets. So, the dc-dc buck con- verter is suitable for cybersecurity study in power electronics, especially hardware hardening. There are two dc-dc power converter testbeds introduced in this article for hardware hardening in section III-B, i.e.,the parallel control framework, and the security-enhanced driver circuit. Based on the dc-dc power converter testbed in [12], Table 6 summarizes some potential methods to detect cyberattacks VOLUME 11, 2023 113553
R. Fu et al.: Review of Cybersecurity in GCPECs: Vulnerabilities, Countermeasures, and Testbeds early and thus prevent hazardous failures as countermeasures to these classified vulnerabilities. The countermeasures for CAN protocol cybersecurity can be the same as the ones applied to communication networks, such as applying AI and blockchain techniques, for robust authentication and encryption algorithms. The potential solutions of FPGA’s side-channel-based attacks include two categories: a) mak- ing the victim logic more resilient to side-channel attacks; and b) making it more difficult for attackers to construct any power/delay monitoring circuits on an FPGA [12]. The security-enhanced driver circuit in section III-B implements hardware hardening to eliminate possible severe dc-link short-circuit failure and thus enhance the reliability of the OBC system. In addition, the DSP-based digital filters and intelligent data processing algorithms are implemented and validated in the OBC system to detect cyber and physical attacks successfully. Due to the similarity of cyber and phys- ical layouts of different power electronics devices shown in Fig. 2 and Fig. 3, these classified cyberattacks and proposed countermeasures can be generally applied to EV onboard chargers and other GCPECs. TABLE 6. Classification and countermeasures for the cybersecurity of OBC systems (summarized from [12]). These testbed examples can be used as references to design new hardware testbeds for specific purposes of cybersecurity validation. Table 7 compares the capabilities of the testbed examples mapping to the key components of GCPECs listed in Table 1. All these hardware testbeds include the key com- ponents of power conversion and control. The candidates of digital controllers include CPLD, DSP, and FPGA, which all can implement data collection and processing and PWM generation. Due to the focus on hardware hardening, there is no communication device in the testbed example #3 but com- munication modules can be added upon necessity. Testbed example #1 uses the BeagleBone Black to provide ethernet communication in a Linux environment, while testbed exam- ple #2 adopting the Lattepanda IoT device to operate in a Windows environment. Cybersecurity researchers can choose the right one for hardware testbeds based on their experience with the computer operating system. TABLE 7. Comparison of hardware testbed examples for GCPEC’s cybersecurity study. V. RECOMMENDATIONS FOR FUTURE RESEARCH This section states the discussions of some recommendations as potential directions for future research on cybersecurity vulnerabilities, countermeasures, and testbeds for GCPECs based on the literature and prior work reviewed and discussed in this article. These recommendations are categorized into four aspects: 1) feasibility assessment of cybersecurity detec- tion and mitigation methods; 2) novel hardware-hardening approaches; 3) coordination of cybersecurity standards and GCPEC design; and 4) development of new testbeds as the baseline for cybersecurity study. All these recommendations focus on GCPECs and their secure applications in smart grids A. ASSESS THE FEASIBILITY OF CYBERSECURITY DETECTION AND MITIGATION METHODS FOR GCPEC Besides the three cybersecurity detection and mitigation methods introduced in section III-A, i.e., the blockchain tech- nique, the watermarking technique, and the PQV-limit detec- tion method, there are many other cybersecurity detection methods proposed and studied for modern power systems. For instance, there are 38 cyberattack detection methods and 23 mitigation methods listed in Table 8 of [3], which covers most of the proposed methods for power systems up to date. It should be noticed that these proposed methods may or may not apply to GCPEC, even though they can be generally utilized as cybersecurity countermeasures at the transmission and distribution level. Compared to the computing units in broad power systems, the controller of GCPEC shown in Fig. 3 has relatively slower data processing, limited comput- ing capability, smaller data storage, and other shortages in function. These shortcomings in GCPEC’s controller result in limitations to apply certain proposed cybersecurity detection and mitigation methods. Therefore, the feasibility of poten- tial cybersecurity methods should be assessed via testing in GCPECs and their interaction with the cyber-physical layers upstream. Table 8 lists five requirements for the safety and security of communication in smart grid operations, which can be adopted in the assessment of GCPEC’s cybersecurity. Also, paper [1] discussed some concepts and implementations of certificate-based authentication and message integrity in smart grids. Especially, some tests were performed on an 113554 VOLUME 11, 2023
R. Fu et al.: Review of Cybersecurity in GCPECs: Vulnerabilities, Countermeasures, and Testbeds Intel i5-3210M CPU @ 2.50GHz system to compare the performance of three digital signature algorithms (RSASSA- PKCS1-v1_5, RSASSA-PSS, and RSA). It was found that there are quite significant differences in signing time and verification time. Therefore, it is proven that it is essential to investigate different algorithms of cybersecurity solution and identify the appropriate ones for GCPEC’s operations, which provides sufficient cybersecurity while meeting the time-restricted requirements of GCPEC and its intercon- nected power system operations. TABLE 8. Requirements and their definitions for safe and secure communication (summarized in [1]). B. PROPOSE AND VERIFY NOVEL HARDWARE-HARDENING APPROACHES FOR GCPEC Different from power transmission and distribution networks, GCPECs are much more vulnerable to cyberattacks that are launched by accessing their physical components locally, such as all the attacks shown in Fig. 3 except the access attack through a communication network. Novel hardware hardening approaches shall be available to enable these two functions at least to enhance cybersecurity via hardware hardening: a) Non-modifiable physical components: the integrity of physical components in GCPECs shall be improved. As inevitable commonly-accessible components, the driver and sensor circuits can be developed in a module to avoid easy modification by hackers. The commonly- used I/O pins of the controller shall be packaged and secured to avoid unauthorized access by hackers; b) Analog-based circuits as a backup for sustainable oper- ation: when the communication network and/or local digital circuits are hacked and disabled, an analog- based circuit can be activated to keep GCPEC operating in standalone mode. It meets the need for sustainable power supply to local loads while avoiding pollution in distribution networks. Besides the parallel control framework introduced in section III-B1, novel backup circuits shall be developed for various components and topologies in GCPECs. Also, the coordination of novel hardware-hardening approaches and other existing approaches/components shall be investigated. For instance, the novel hardware-hardening approaches can coordinate with the adopted cybersecu- rity detection and mitigation approaches to realize seam- less operation. When a cyberattack is detected and the hardware-hardening approach is activated, there shall be a seamless transition from the pre-cyberattack condition to the hardware-hardening activated condition. Also, the analog circuit backup shall operate in coordination with the existing digital circuit well without any interference or disturbance. In addition, it should be noticed that the novel hardware-hardening approaches should not replace the con- ventional protective scheme, which protects GCPECs from various faults, such as short circuits and unbalanced loads. Each proposed hardware-hardening approach should be ver- ified in experimental testbeds to prove its effectiveness and study its applicability and constraints. C. COORDINATE DEVELOPING CYBERSECURITY STANDARDS FOR GCPEC DESIGN Since GCPECs equip communication network access and power circuit together via the communication components like IoT devices, both power-related and communication- related standards shall be considered in the cybersecurity of GCPEC design. The standards IEEE-1547.1 and IEEE- 2030.5 shall be used as references to study the interoperability between GCPECs and smart grids. And the standard IEC- 62351 can be used to explore cybersecurity solutions for the IEC-61850-based substations and smart grids while consid- ering the constraints of information processing capability in GCPECs. Moreover, the standard UL-1741 can be used to certify the GCPEC device’s compliance. And the standard IEC- 61850 can be used to study new cybersecurity vulnerabilities in GCPECs and smart grids. Keep in mind that all these standards are live documents and developing over time. It is essential to coordinate GCPEC’s design well with the up- to-date cybersecurity-related standards to ensure the cyberse- curity and interoperability of GCPEC devices in smart grids. D. DEVELOP BASELINE TESTBED FOR CYBERSECURITY STUDY OF GCPEC To generalize the cybersecurity study of GCPEC, the base- line testbeds of GCPEC’s cybersecurity should be developed by the task forces organized and supported by government research institutes and professional societies. It is analogous to the IEEE standard bus systems (e.g., the 9-bus, 14-bus, 30-bus, 39-bus, and 118-bus systems for transmission study, and the 34-bus system for distribution study) that can be used by researchers to implement new ideas and concepts in power systems. The configurations and instructions of these baseline testbeds can guide cybersecurity researchers to define their own specifications based on their particular VOLUME 11, 2023 113555
R. Fu et al.: Review of Cybersecurity in GCPECs: Vulnerabilities, Countermeasures, and Testbeds needs. They can also be used by industrial designers to test their products to meet the requirements of cybersecurity standards and certification purposes. As shown in Fig. 2, these baseline testbeds should include ‘‘dc-dc’’ and ‘‘dc-dc- ac’’ topologies to meet the need for DERs, EVs, and PVs testing. In the specification, these testbeds should provide multiple communication approaches and accesses, such as internet, ethernet, and wireless connections. As nonstandard computing devices that wirelessly connect to a network with sensors, the IoT devices in the baseline testbeds should meet the communication protocols defined in the standard IEC- 61850 up to date. The standard IEC-62351 can be used to specify the cybersecurity countermeasures in the communi- cation parts of baseline testbeds. The baseline testbeds should meet the standards IEEE-1547.1 and IEEE-2030.5 for smart grid interconnection compatibility. Besides hardware testbeds, simulation models of the power system should be used to create a hardware-in-the-loop (HIL) environment [72], [85] to test the interoperability of GCPEC baseline testbeds and study their impacts on the power system’s operations. Paper [3] did a comprehensive review of modeling approaches, simulation software, and analysis methods to investigate the cyber security problems in cyber-physical power systems (CPPS). Table 9 summa- rizes the modeling approaches, depending on the interactions between the physical layer and cyber layer of CPPS, in the aspects of time, space, and scales. Tables 2∼4 of [3] list the characteristics of different schemes in attack graph modeling, the detailed taxonomy of network attack model, and the com- mon analytical models of power system applications under cyberattacks, respectively. Also, a list of common simulation tool candidates is presented in Table 5 of [3]. These tables and information can be used as good references for power system modeling for cybersecurity analysis. The hardware of the GCPEC prototype can be integrated and interact with the power system modeling in software in a HIL environment in real-time. Many commercial HIL components and systems can be considered for this application, such as the dSpace- 1104 R&D controller board [86], National Instruments (NI) HIL [87], OPAL-RT HIL [88], and Typhoon HIL [89]. Below are some examples of HIL testbed: 1. a real-time simulation in OPAL-RT environment with HYPERSIM software to emulate CIGRE LV distribu- tion system and IEEE 37-bus distribution systems [41]. The detailed description of the testbed can be referred from [90]; 2. a real-time simulation in Typhoon HIL environment to emulate a smart electric grid with the extension of IEC-61850 to electric vehicle aggregators for commu- nication [62]; 3. a HIL testbed consists of two PLECS-RT Box-1 HIL platforms and a dSPACE MicroLabBox unit, to emu- late a group of modular multilevel converters with FDIA detectors in HVdc transmission systems [45]; 4. a HIL testbed consists of a real-time grid simulator as OPAL-RT, a cyber system testbed using real network systems and a server, and penetration testing tools gen- erating live advanced persisteOnt threat (APT)-style attacks as real cyber events [91], [92]. These HIL testbeds simulate GCPEC’s behavior in real-time software environment, and have potential of being expanded to integrate actual GCPEC hardware as needed. TABLE 9. List of power system modeling approaches for cybersecurity analysis (summarized from [3]). VI. CONCLUSION In this article, the cybersecurity issues of grid-connected power electronics converters are reviewed comprehensively, in the aspects of vulnerabilities, countermeasures, and testbeds. The cybersecurity of GCPECs includes vulnera- bilities in both the cyber layer and physical layer, which must be considered simultaneously and coordinate well with each other. When evaluating the feasibility of countermea- sure candidates to cyberattacks, the detection and mitigation approaches should consider the complexity of algorithms to be applied and assess the limits of computing and data processing capabilities in GCPECs. At the same time, the countermeasures should meet their relevant standards (such as IEEE-1547.1, IEEE-2030.5, IEC-61850, and IEC-62351) to ensure the interoperability and cybersecurity of GCPEC devices in smart grids. 113556 VOLUME 11, 2023
R. Fu et al.: Review of Cybersecurity in GCPECs: Vulnerabilities, Countermeasures, and Testbeds In addition, some existing testbeds of GCPECs are intro- duced here for cybersecurity experimental validations. As a ‘‘new-new’’ technology, these testbed examples are ground- breaking efforts and can be used as references by peers to explore novel and suitable hardware testbeds to meet their needs of cybersecurity verification and validation. Further- more, based on the review and analysis of the vulnerabilities, countermeasures, and testbeds throughout this article, four recommendations are raised for future research on GCPECs and their applications in smart grids, which include: 1) fea- sibility assessment of cybersecurity detection and mitigation methods; 2) novel hardware-hardening approaches; 3) coor- dination of cybersecurity standards; and 4) development of new testbeds as the baseline for cybersecurity study. REFERENCES [1] T. S. Ustun and S. M. S. Hussain, ‘‘A review of cybersecurity issues in smartgrid communication networks,’’ in Proc. Int. Conf. Power Electron., Control Autom. (ICPECA), New Delhi, India, Nov. 2019, pp. 1–6. [2] R. M. Lee, M. J. Assante, and T. Conway, ‘‘Analysis of the cyber attack on the ukrainian power grid,’’ E-ISAC, SANS ICS., Tech. Rep., Mar. 2016. [Online]. Available: https://media.kasperskycontenthub.com/wp-content/ uploads/sites/43/2016/05/20081514/E-ISAC_SANS_Ukraine_DUC_5.pdf [3] R. V. Yohanandhan, R. M. Elavarasan, P. Manoharan, and L. Mihet-Popa, ‘‘Cyber-physical power system (CPPS): A review on modeling, simula- tion, and analysis with cyber security applications,’’ IEEE Access, vol. 8, pp. 151019–151064, 2020. [4] J. Lázaro, A. Astarloa, M. Rodríguez, U. Bidarte, and J. Jiménez, ‘‘A survey on vulnerabilities and countermeasures in the communications of the smart grid,’’ Electronics, vol. 10, no. 16, p. 1881, Aug. 2021, doi: 10.3390/elec- tronics10161881. [5] J. Jithish, B. Alangot, N. Mahalingam, and K. S. Yeo, ‘‘Distributed anomaly detection in smart grids: A federated learning-based approach,’’ IEEE Access, vol. 11, pp. 7157–7179, 2023. [6] H. Alan Mantooth, R. Zane, and M. Manjrekar, ‘‘Guest editorial special section on cybersecurity of power electronics through hardware hard- ening,’’ IEEE J. Emerg. Sel. Topics Power Electron., vol. 10, no. 1, pp. 1255–1257, Feb. 2022. [7] Y. Li and J. Yan, ‘‘Cybersecurity of smart inverters in the smart grid: A survey,’’ IEEE Trans. Power Electron., vol. 38, no. 2, pp. 2364–2383, Feb. 2023. [8] F. Zhang and Q. Li, ‘‘Security vulnerability and patch management in electric utilities: A data-driven analysis,’’ in Proc. 1st Workshop Radical Experiential Secur., Incheon, South Korea, May 2018, pp. 65–68. [9] G. Bere, B. Ahn, J. J. Ochoa, T. Kim, A. A. Hadi, and J. Choi, ‘‘Blockchain- based firmware security check and recovery for smart inverters,’’ in Proc. IEEE Appl. Power Electron. Conf. Expo. (APEC), Phoenix, AZ, USA, Jun. 2021, pp. 675–679. [10] J. Qi, A. Hahn, X. Lu, J. Wang, and C. Liu, ‘‘Cybersecurity for distributed energy resources and smart inverters,’’ IET Cyber-Phys. Syst., Theory Appl., vol. 1, no. 1, pp. 28–39, Dec. 2016. [11] T. Kim, J. Ochoa, T. Faika, H. A. Mantooth, J. Di, Q. Li, and Y. Lee, ‘‘An overview of cyber-physical security of battery management systems and adoption of blockchain technology,’’ IEEE J. Emerg. Sel. Topics Power Electron., vol. 10, no. 1, pp. 1270–1281, Feb. 2022. [12] A. Chandwani, S. Dey, and A. Mallik, ‘‘Cybersecurity of onboard charging systems for electric vehicles—Review, challenges and countermeasures,’’ IEEE Access, vol. 8, pp. 226982–226998, 2020. [13] B. Yang, L. Guo, F. Li, J. Ye, and W. Song, ‘‘Impact analysis of data integrity attacks on power electronics and electric drives,’’ in Proc. IEEE Transp. Electrific. Conf. Expo (ITEC), Detroit, MI, USA, Jun. 2019, pp. 1–6. [14] E. Axell, P. Eliardsson, S. Ö. Tengstrand, and K. Wiklundh, ‘‘Power control in interference channels with class a impulse noise,’’ IEEE Wireless Commun. Lett., vol. 6, no. 1, pp. 102–105, Feb. 2017. [15] T. S. Ustun, ‘‘Cybersecurity vulnerabilities of smart inverters and their impacts on power system operation,’’ in Proc. Int. Conf. Power Electron., Control Autom. (ICPECA), New Delhi, India, Nov. 2019, pp. 1–4. [16] Communication Networks and Systems for Power Utility Automation, Part 90-7: Object Models for Power Converters in Distributed Energy Resources (DER) Systems, Standard IEC/TR 61850-90-7, International Electrotechnical Commission (IEC), Feb. 2013. [17] J. Ahn, J. Chung, T. Kim, B. Ahn, and J. Choi, ‘‘An overview of quantum security for distributed energy resources,’’ in Proc. IEEE 12th Int. Symp. Power Electron. Distrib. Gener. Syst. (PEDG), Jun. 2021, pp. 1–7. [18] A. A. Hadi, G. Bere, T. Kim, J. J. Ochoa, J. Zeng, and G.-S. Seo, ‘‘Secure and cost-effective micro phasor measurement unit (PMU)-like metering for Behind-the-Meter (BTM) solar systems using blockchain-assisted smart inverters,’’ in Proc. IEEE Appl. Power Electron. Conf. Expo. (APEC), Mar. 2020, pp. 2369–2375. [19] J. Choi, B. Ahn, G. Bere, S. Ahmad, H. A. Mantooth, and T. Kim, ‘‘Blockchain-based Man-in-the-Middle (MITM) attack detection for pho- tovoltaic systems,’’ in Proc. IEEE Design Methodol. Conf. (DMC), Bath, United Kingdom, Jul. 2021. [20] N. Prusty, Building Blockchain Projects, 1st ed. Birmingham, U.K.: Packt, Apr. 2017. [21] M. A. Khan and K. Salah, ‘‘IoT security: Review, blockchain solutions, and open challenges,’’ Future Gener. Comput. Syst., vol. 82, pp. 395–411, May 2018. [22] A. Dorri, S. S. Kanhere, R. Jurdak, and P. Gauravaram, ‘‘Blockchain for IoT security and private: The study of a smart home,’’ in Proc. IEEE Int. Conf. Pervasive Comput. Commun. Workshops, Kona, HI, USA, Mar. 2017, pp. 618–623. [23] A. Miller, Y. Xia, K. Croman, E. Shi, and D. Song, ‘‘The honey badger of BFT protocols,’’ in Proc. ACM SIGSAC Conf. Comput. Commun. Secur. (CCS), Vienna, Austria, Oct. 2016, pp. 31–42. [24] I. Makhdoom, M. Abolhasan, H. Abbas, and W. Ni, ‘‘Blockchain’s adop- tion in IoT: The challenges, and a way forward,’’ J. Netw. Comput. Appl., vol. 125, pp. 251–279, Jan. 2019. [25] Y. Son, J. Jeong, and Y. Lee, ‘‘Design of the secure compiler for the IoT services,’’ Adv. Sci. Technol. Lett., vol. 110, pp. 67–70, Feb. 2015. [26] T. Ji, Y. Wu, C. Wang, X. Zhang, and Z. Wang, ‘‘The coming era of AlphaHacking?: a survey of automatic software vulnerability detection, exploitation and patching techniques,’’ in Proc. IEEE 3rd Int. Conf. Data Sci. Cyberspace (DSC), Guangzhou, China, Jun. 2018, pp. 53–60. [27] B. Lee and J.-H. Lee, ‘‘Blockchain-based secure firmware update for embedded devices in an Internet of Things environment,’’ J. Supercomput., vol. 73, no. 3, pp. 1152–1167, Mar. 2017. [28] M. Salfer and C. Eckert, ‘‘Attack graph-based assessment of exploitability risks in automotive on-board networks,’’ in Proc. 13th Int. Conf. Availabil- ity, Rel. Secur., Hamburg, Germany, Aug. 2018, pp. 1–10. [29] M. R. Moore, R. A. Bridges, F. L. Combs, M. S. Starr, and S. J. Prowell, ‘‘Modeling inter-signal arrival times for accurate detection of CAN bus signal injection attacks: A data-driven approach to in-vehicle intrusion detection,’’ in Proc. 12th Annu. Conf. Cyber Inf. Secur. Res., Oak Ridge, TN, USA, Apr. 2017, pp. 1–4. [30] T. Le, L. Weaver, J. Di, S. Zhang, and Y. Jin, ‘‘Hardware trojan detection and functionality determination for soft IPs,’’ in Proc. IEEE 3rd Int. Verifi- cation Secur. Workshop (IVSW), Costa Brava, Spain, Jul. 2018, pp. 56–61. [31] M. Haque, M. N. Shaheed, and S. Choi, ‘‘Deep learning based micro-grid fault detection and classification in future smart vehicle,’’ in Proc. IEEE Transp. Electrific. Conf. Expo (ITEC), Long Beach, CA, USA, Jun. 2018, pp. 1082–1087. [32] P. Otte, M. de Vos, and J. Pouwelse, ‘‘TrustChain: A sybil-resistant scal- able blockchain,’’ Future Gener. Comput. Syst., vol. 107, pp. 770–780, Jun. 2020. [33] K. Toyoda, P. T. Mathiopoulos, I. Sasase, and T. Ohtsuki, ‘‘A novel blockchain-based product ownership management system (POMS) for anti-counterfeits in the post supply chain,’’ IEEE Access, vol. 5, pp. 17465–17477, Jun. 2017. [34] I. Cox, M. Miller, J. Bloom, J. Fridrich, and T. Kalker, Digital Watermark- ing and Steganography, 1st ed. Morgan Kaufmann, Nov. 2008. [35] J. Ramos-Ruiz, J. Kim, W.-H. Ko, T. Huang, P. Enjeti, P. R. Kumar, and L. Xie, ‘‘An active detection scheme for cyber attacks on grid-tied PV systems,’’ in Proc. IEEE CyberPELS (CyberPELS), Miami, FL, USA, Oct. 2020, pp. 1–6. [36] J. Kim, W.-H. Ko, and P. R. Kumar, ‘‘Cyber-security with dynamic water- marking for process control systems,’’ in Proc. AIChE Annu. Meeting, 2019. VOLUME 11, 2023 113557
R. Fu et al.: Review of Cybersecurity in GCPECs: Vulnerabilities, Countermeasures, and Testbeds [37] B. Satchidanandan and P. R. Kumar, ‘‘Dynamic watermarking: Active defense of networked cyber–physical systems,’’ Proc. IEEE, vol. 105, no. 2, pp. 219–240, Feb. 2017. [38] J. Ramos-Ruiz, H. Ibrahim, J. Kim, W. H. Ko, T. Huang, P. Enjeti, P. R. Kumar, and L. Xie, ‘‘Validation of a robust cyber shield for a grid connected PV inverter system via digital watermarking principle,’’ in Proc. IEEE 12th Int. Symp. Power Electron. Distrib. Gener. Syst. (PEDG), Chicago, IL, USA, Jun./Jul. 2021, pp. 1–6. [39] A. Khan, M. Hosseinzadehtaher, M. B. Shadmand, D. Saleem, and H. Abu-Rub, ‘‘Intrusion detection for cybersecurity of power electronics dominated grids: Inverters PQ set-points manipulation,’’ in Proc. IEEE CyberPELS (CyberPELS), Miami, FL, USA, Oct. 2020, pp. 1–8. [40] W. J. Tzeng and F. Y. Wu, ‘‘Theory of impedance networks: The two-point impedance and LC resonances,’’ J. Phys. A, Math. Gen., vol. 39, no. 27, pp. 8579–8591, Jul. 2006. [41] K. Gupta, S. Sahoo, R. Mohanty, B. K. Panigrahi, and F. Blaabjerg, ‘‘Distinguishing between cyber attacks and faults in power electronic systems—A noninvasive approach,’’ IEEE J. Emerg. Sel. Topics Power Electron., vol. 11, no. 2, pp. 1578–1588, Apr. 2023. [42] A. A. Khan, O. A. Beg, M. Alamaniotis, and S. Ahmed, ‘‘Intelligent anomaly identification in cyber-physical inverter-based systems,’’ Electr. Power Syst. Res., vol. 193, Apr. 2021, Art. no. 107024. [43] O. A. Beg, L. V. Nguyen, T. T. Johnson, and A. Davoudi, ‘‘Cyber- physical anomaly detection in microgrids using time-frequency logic formalism,’’ IEEE Access, vol. 9, pp. 20012–20021, 2021, doi: 10.1109/ACCESS.2021.3055229. [44] S. Sahoo, Y. Yang, and F. Blaabjerg, ‘‘Resilient synchronization strategy for AC microgrids under cyber attacks,’’ IEEE Trans. Power Electron., vol. 36, no. 1, pp. 73–77, Jan. 2021, doi: 10.1109/TPEL.2020.3005208. [45] C. Burgos-Mellado, C. Zuñiga-Bauerle, D. Muñoz-Carpintero, Y. Arias-Esquivel, R. Cárdenas-Dobson, T. DragiCevic, F. Donoso, and A. Watson, ‘‘Reinforcement learning-based method to exploit vulnerabilities of false data injection attack detectors in modular multilevel converters,’’ IEEE Trans. Power Electron., vol. 38, no. 7, pp. 8907–8921, Jul. 2023. [46] Y. Chen, W. Qiu, X. Liu, and Y. Kang, ‘‘A parallel control framework of analog proportional integral and digital model predictive controllers for enhancing power converters cybersecurity,’’ IEEE J. Emerg. Sel. Topics Power Electron., vol. 10, no. 1, pp. 1258–1269, Feb. 2022. [47] Texas Instruments. TMS320F28335. [Online]. Available: https://www.ti.com/product/TMS320F28335 [48] C. Farnell, E. Soria, J. Jackson, and H. A. Mantooth, ‘‘Cyber protection of grid-connected devices through embedded online security,’’ in Proc. IEEE Design Methodol. Conf. (DMC), Bath, U.K., Jul. 2021. [49] V. V. Makarov, Y. B. Frolov, I. S. Parshina, and M. V. Ushakova, ‘‘The design concept of digital twin,’’ in Proc. 12th Int. Conf. Manag. Large-Scale Syst. Develop. (MLSD), Moscow, Russia, Oct. 2019, pp. 1–4, doi: 10.1109/MLSD.2019.8911091. [50] Z. Xu, ‘‘Source code and binary level vulnerability detection and hot patching,’’ in Proc. 35th IEEE/ACM Int. Conf. Automated Softw. Eng. (ASE), Melbourne, VIC, Australia, Sep. 2020, pp. 1397–1399. [51] H. Jeong, J. Baik, and K. Kang, ‘‘Functional level hot-patching platform for executable and linkable format binaries,’’ in Proc. IEEE Int. Conf. Syst., Man, Cybern. (SMC), Banff, AB, Canada, Oct. 2017, pp. 489–494, doi: 10.1109/SMC.2017.8122653. [52] F. Pozo, G. Rodriguez-Navas, and H. Hansson, ‘‘Work-in-progress: A hot- patching protocol for repairing time-triggered network schedules,’’ in Proc. IEEE Real-Time Embedded Technol. Appl. Symp. (RTAS), Porto, Portugal, Apr. 2018, pp. 89–92, doi: 10.1109/RTAS.2018.00015. [53] A. Ramaswamy, S. Bratus, S. W. Smith, and M. E. Locasto, ‘‘Katana: A hot patching framework for ELF executables,’’ in Proc. Int. Conf. Availability, Rel. Secur., Krakow, Poland, Feb. 2010, pp. 507–512, doi: 10.1109/ARES.2010.112. [54] S. M. S. Hussain, T. S. Ustun, and A. Kalam, ‘‘A review of IEC 62351 security mechanisms for IEC 61850 message exchanges,’’ IEEE Trans. Ind. Informat., vol. 16, no. 9, pp. 5643–5654, Sep. 2020. [55] W. Stallings, Cryptography and Network Security: Principles and Prac- tice, 7th ed. London, U.K.: Pearson, 2017. [56] J. Hong, C.-C. Liu, and M. Govindarasu, ‘‘Detection of cyber intru- sions using network-based multicast messages for substation automation,’’ in Proc. Innov. Smart Grid Technol. (ISGT), Washington, DC, USA, Feb. 2014, pp. 1–5. [57] N. Kush, E. Ahmed, M. Branagan, and E. Foo, ‘‘Poisoned GOOSE: Exploiting the GOOSE protocol,’’ in Proc. 12th Australas. Inf. Secur. Conf. (AISC), Auckland, New Zealand, Feb. 2014, pp. 17–22. [58] L. E. da Silva and D. V. Coury, ‘‘A new methodology for real-time detection of attacks in IEC 61850-based systems,’’ Electr. Power Syst. Res., vol. 143, pp. 825–833, Feb. 2017. [59] M. C. Magro, P. Pinceti, L. Rocca, and G. Rossi, ‘‘Safety related functions with IEC 61850 GOOSE messaging,’’ Int. J. Electr. Power Energy Syst., vol. 104, pp. 515–523, Jan. 2019. [60] M. El Hariri, E. Harmon, T. Youssef, M. Saleh, H. Habib, and O. Mohammed, ‘‘The IEC 61850 sampled measured values protocol: Anal- ysis, threat identification, and feasibility of using NN forecasters to detect spoofed packets,’’ Energies, vol. 12, no. 19, p. 3731, Sep. 2019. [61] B. Kang, P. Maynard, K. McLaughlin, S. Sezer, F. Andrén, C. Seitl, F. Kupzog, and T. Strasser, ‘‘Investigating cyber-physical attacks against IEC 61850 photovoltaic inverter installations,’’ in Proc. IEEE 20th Conf. Emerg. Technol. Factory Autom. (ETFA), Luxembourg City, Luxembourg, Sep. 2015, pp. 1–8. [62] H. Palahalli, M. Hemmati, and G. Gruosso, ‘‘Analysis and design of a smart controller for managing penetration of renewable energy including cybersecurity issues,’’ Electronics, vol. 11, no. 12, p. 1861, Jun. 2022, doi: 10.3390/electronics11121861. [63] J. Johnson, B. Fox, K. Kaur, and J. Anandan, ‘‘Evaluation of interopera- ble distributed energy resources to IEEE 1547.1 using SunSpec modbus, IEEE 1815, and IEEE 2030.5,’’ IEEE Access, vol. 9, pp. 142129–142146, Oct. 2021. [64] Inverters, Converters, Controllers and Interconnection System Equipment for Use With Distributed Energy Resources, Standard UL 1741, Underwrit- ers Laboratories, 2016. [65] J. Johnson, S. Gonzalez, M. E. Ralph, A. Ellis, and R. Broderick, ‘‘Test pro- tocols for advanced inverter interoperability functions-appendices,’’ San- dia Nat. Laboratories, Albuquerque, NM, USA, Tech. Rep. SAND2013- 9875, 2013. [66] J. Johnson, S. Gonzalez, M. E. Ralph, A. Ellis, and R. Broderick, ‘‘Test pro- tocols for advanced inverter interoperability functions-main document,’’ Sandia Nat. Lab., Albuquerque, NM, USA, Tech. Rep. SAND2013-9880, 2013. [67] J. Johnson, R. Bründlinger, C. Urrego, and R. Alonso, ‘‘Collaborative development of automated advanced interoperability certification test pro- tocols for PV smart grid integration,’’ in Proc. Eur. Photovolt. Sol. Energy Conf. Exhib. (PVSEC), Amsterdam, The Netherlands, Sep. 2014, pp. 1–7. [68] J. B. Ahn, J. J. Lee, J. Johnson, and J. H. Bae, ‘‘Test results for advanced inverter functions based-on IEC 61850-90-7,’’ in Proc. 5th Asia–Pacific Forum Renew. Energy (AFORE), Jeju, South Korea, Nov. 2015, pp. 1–13. [69] M. Verga, R. Lazzari, J. Johnson, D. Rosewater, C. Messner, and J. Hashimoto, ‘‘SIRFN draft test protocols for advanced battery energy storage system interoperability functions,’’ in Proc. IEA-ISGAN Annex, 2016. [70] D. M. Rosewater, J. T. Johnson, M. Verga, R. Lazzari, C. Messner, K. Johannes, J. Hashimoto, and K. Otani, ‘‘International development of energy storage interoperability test protocols for photovoltaic integration,’’ in Proc. EU PVSEC, Hamburg, Germany, Sep. 2015, pp. 1–11. [71] J. Johnson, E. Apablaza-Arancibia, N. Ninad, D. Turcotte, A. Prieur, R. Ablinger, R. Brïndlinger, T. Moore, R. Heidari, J. Hashimoto, C. Cho, R. S. Kumar, J. Kumar, M. Verga, J. L. S. Farias, J. G. M. Tena, F. Baumgartner, I. V. Temez, R. A. Segade, and B. Fox, ‘‘International development of a distributed energy resource test platform for electrical and interoperability certification,’’ in Proc. IEEE 7th World Conf. Pho- tovolt. Energy Convers. (WCPEC), Joint Conf. 45th IEEE PVSC, 28th PVSEC 34th EU PVSEC, Waikoloa, HI, USA, Jun. 2018, pp. 2492–2497. [72] J. Johnson, R. Ablinger, R. Bruendlinger, B. Fox, and J. Flicker, ‘‘Inter- connection standard grid-support function evaluations using an auto- mated Hardware-in-the-Loop testbed,’’ IEEE J. Photovolt., vol. 8, no. 2, pp. 565–571, Mar. 2018. [73] N. Ninad, E. Apablaza-Arancibia, M. Bui, J. Johnson, S. Gonzalez, W. Son, C. Cho, J. Hashimoto, K. Otani, R. Bründlinger, and R. Ablinger, ‘‘Development and evaluation of open-source IEEE 1547.1 test scripts for improved solar integration,’’ in Proc. 36th Eur. Photovolt. Sol. Energy Conf. Exhib. (PVSEC), Marseille, France, Sep. 2019, pp. 952–957. [74] N. Ninad et al., ‘‘PV inverter grid support function assessment using open- source IEEE P1547.1 test package,’’ in Proc. 47th IEEE Photovolt. Spec. Conf. (PVSC), Calgary, AB, Canada, Jun. 2020, pp. 1138–1144. 113558 VOLUME 11, 2023
R. Fu et al.: Review of Cybersecurity in GCPECs: Vulnerabilities, Countermeasures, and Testbeds [75] R. Darbali-Zamora, J. Johnson, N. S. Gurule, M. J. Reno, N. Ninad, and E. Apablaza-Arancibia, ‘‘Evaluation of photovoltaic inverters under balanced and unbalanced voltage phase angle jump conditions,’’ in Proc. 47th IEEE Photovolt. Spec. Conf. (PVSC), Calgary, AB, Canada, Jun. 2020, pp. 1562–1569. [76] SunSpec DER Information Model, Test Status, SunSpec Alliance, San Jose, CA, USA, 2020. [77] ‘‘DNP3 profile for communications with distributed energy resources (DERs),’’ version 2018-08-22, DNP3.org, DNP Appl. Note AN2018-001, 2018. [78] Common Smart Inverter Profile: IEEE 2030.5 Implementation Guide for Smart Inverters, Version 2.1, San Jose, CA, USA, 2018. [79] SunSpec Alliance Releases SVP Dashboard Test Platform to Enable IEEE 1547 Communication Testing for Distributed Energy Resources, San Jose, CA, USA, Mar. 2021. [Online]. Available: https://sunspec.org/sunspec- alliance-releases-svp-dashboard-test-platform-to-enable-ieee-1547- communication-testing-for-distributed-energy-resources/ [80] S. J. Moquin, S. Kim, N. Blair, C. Farnell, J. Di, and H. A. Mantooth, ‘‘Enhanced uptime and firmware cybersecurity for grid-connected power electronics,’’ in Proc. IEEE CyberPELS (CyberPELS), Knoxville, TN, USA, Apr./May 2019, pp. 1–6. [81] S. Chetan, A. Ranganathan, and R. Campbell, ‘‘Towards fault tolerance pervasive computing,’’ IEEE Technol. Soc. Mag., vol. 24, no. 1, pp. 38–44, Spring 2005. [82] Solar Micro Inverter Development Kit, Texas Instrum. [Online]. Available: http://www.ti.com/tool/TMDSSOLARUINVKIT [83] LattePanda. [Online]. Available: https://www.lattepanda.com/ [84] S. Ghandali, T. Moos, A. Moradi, and C. Paar, ‘‘Side-channel hardware trojan for provably-secure SCA-protected implementations,’’ IEEE Trans. Very Large Scale Integr. (VLSI) Syst., vol. 28, no. 6, pp. 1435–1448, Jun. 2020. [85] R. Fu, Y. Zhang, and S. Bhatta, ‘‘An easily-installed hardware-in-the- loop (HIL) inverter system for power electronics teaching,’’ in Proc. IEEE 12th Int. Conf. Power Electron. Drive Syst. (PEDS), Honolulu, HI, USA, Dec. 2017, pp. 48–52. [86] DS1104 R&D Controller Board, dSPACE. [Online]. Available: https://www.dspace.com/en/inc/home/products/hw/singbord/ds1104.cfm [87] Hardware-in-the-Loop (HIL) Testing for Industrial Systems, National Instruments. [Online]. Available: https://www.ni.com/en- us/solutions/industrial-machinery/hardware-in-the-loop-hil-testing-for- industrial-systems.html [88] Hardware-in-the-Loop, OPAL-RT. [Online]. Available: https://www.opal- rt.com/hardware-in-the-loop/ [89] Typhoon HIL. [Online]. Available: https://www.typhoon-hil.com/ [90] K. Gupta, S. Sahoo, B. K. Panigrahi, F. Blaabjerg, and P. Popovski, ‘‘On the assessment of cyber risks and attack surfaces in a real-time co-simulation cybersecurity testbed for inverter-based microgrids,’’ Energies, vol. 14, no. 16, p. 4941, Aug. 2021. [91] K. Park, B. Ahn, J. Kim, D. Won, Y. Noh, J. Choi, and T. Kim, ‘‘An advanced persistent threat (APT)-style cyberattack testbed for dis- tributed energy resources (DER),’’ in Proc. IEEE Design Methodol. Conf. (DMC), Bath, U.K., Jul. 2021. [92] S. Ahmad, B. Ahn, S. R. B. Alvee, D. Trevino, T. Kim, Y.-W. Youn, and M.-H. Ryu, ‘‘Advanced persistent threat (APT)-style attack modeling and testbed for power transformer diagnosis system in a substation,’’ in Proc. IEEE Power Energy Soc. Innov. Smart Grid Technol. Conf. (ISGT), New Orleans, LA, USA, Apr. 2022. RUIYUN FU (Senior Member, IEEE) received the B.S. and M.S. degrees in electrical engineer- ing from the Huazhong University of Science and Technology, Wuhan, China, in 2004 and 2007, respectively, and the Ph.D. degree in electrical engineering from the University of South Carolina, Columbia, SC, USA, in 2013. She is currently an Associate Professor with the Department of Electrical and Computer Engineer- ing, School of Engineering, Mercer University, Macon, GA, USA. Her research interests include power electronics and power systems, DC/DC converters and DC/AC inverters, renewable energy conversion system design, the modeling and simulation of power semicon- ductor devices for switching converter applications, and the modeling and simulation of wide bandgap semiconductor devices (SiC and GaN). MARY E. LICHTENWALNER was born in Lawrenceville, GA, USA. She received the Bach- elor of Science degree in engineering with a focus on electrical engineering from Mercer University, Macon, GA, in 2022, where she is currently pur- suing the Master of Science degree in engineering with a specialization in electrical engineering. She is also a Staff Electrical Engineer with the Mercer Engineering Research Center, Warner Robins, GA, working on electronic warfare. THOMAS J. JOHNSON received the bachelor’s degree from Mercer University, Macon, GA, USA. He is currently pursuing the Bachelor of Science in Engineering (B.S.E.) degree with a specialization in electrical engineering. VOLUME 11, 2023 113559

More Related Content

PDF
Cyber attack and security in Smart grid .pdf
byAkritiNitp1
 
PPTX
Cybersecurity in power system ppt for power system.pptx
byanandaa22
 
PDF
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...
byLeonardo ENERGY
 
PPTX
CYBER SECURITY IN THE SMART GRID
bySiva Sasthri
 
PDF
Cyber-Defensive Architecture for Networked Industrial Control Systems
byIJEACS
 
PDF
Encryption Security in SCADA Networks
byIJRES Journal
 
PPTX
Presentation1 160729072733
bySIVA SASTHRI
 
PDF
Ht r35 b
bySelectedPresentations
 
Cyber attack and security in Smart grid .pdf
byAkritiNitp1
 
Cybersecurity in power system ppt for power system.pptx
byanandaa22
 
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...
byLeonardo ENERGY
 
CYBER SECURITY IN THE SMART GRID
bySiva Sasthri
 
Cyber-Defensive Architecture for Networked Industrial Control Systems
byIJEACS
 
Encryption Security in SCADA Networks
byIJRES Journal
 
Presentation1 160729072733
bySIVA SASTHRI
 
Ht r35 b
bySelectedPresentations
 

Similar to A_Review_of_Cybersecurity_in_Grid-Connected_Power_Electronics_Converters_Vulnerabilities_Countermeasures_and_Testbeds.pdf

PPTX
Cyber security in Smart grid system
byamaljose949563
 
PDF
A HYBRID CNN-LSTM DEEP LEARNING MODEL FOR INTRUSION DETECTION IN SMART GRID
byijaia
 
PDF
A Hybrid CNN-LSTM Deep Learning Model for Intrusion Detection in Smart Grid
bygerogepatton
 
PPT
Cyber security for the smart grid, Clifford Neuman, Information Sciences Inst...
byUniversity of Southern California
 
PPTX
Security challenges to power grid and smart grid infrastructures
byP K Agarwal
 
PPTX
Cyber security of power grid
byP K Agarwal
 
PDF
designdesigndesigndesigns-05-00052-v2.pdf
byzahidafzalthoker
 
PDF
Cyber-security of smart grids
byHamza AlBzoor
 
PDF
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMS
byGeorge Wainblat
 
PDF
Capstone Paper
byThomas Kaczmarek
 
PDF
Security Of Cyberphysical Systems Vulnerability And Impact 1st Ed Hadis Karim...
byindmujoff
 
DOCX
Running head SMART GRID .docx
bytodd521
 
PDF
Evaluation of cybersecurity threats -mdms.pdf
byBhekumuzi Xaba
 
PDF
Smart Grid Systems Based Survey on Cyber Security Issues
byjournalBEEI
 
PDF
Utilization of Encryption for Security in SCADA Networks
byInternational Journal of Engineering Inventions www.ijeijournal.com
 
PDF
23 9754 assessment paper id 0023 (ed l)2
byIAESIJEECS
 
PDF
IRJET- Edge Deployed Cyber Security Hardware Architecture for Energy Delivery...
byIRJET Journal
 
PDF
Smart grid networks and security architecture: Threat analysis, threat scenar...
byJohn-André Bjørkhaug
 
PPTX
US Power Grid Vs. Smart Grid
byJosh Wentz
 
PDF
Cybersecurity of powergrid
byRajesh Sawale
 
Cyber security in Smart grid system
byamaljose949563
 
A HYBRID CNN-LSTM DEEP LEARNING MODEL FOR INTRUSION DETECTION IN SMART GRID
byijaia
 
A Hybrid CNN-LSTM Deep Learning Model for Intrusion Detection in Smart Grid
bygerogepatton
 
Cyber security for the smart grid, Clifford Neuman, Information Sciences Inst...
byUniversity of Southern California
 
Security challenges to power grid and smart grid infrastructures
byP K Agarwal
 
Cyber security of power grid
byP K Agarwal
 
designdesigndesigndesigns-05-00052-v2.pdf
byzahidafzalthoker
 
Cyber-security of smart grids
byHamza AlBzoor
 
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMS
byGeorge Wainblat
 
Capstone Paper
byThomas Kaczmarek
 
Security Of Cyberphysical Systems Vulnerability And Impact 1st Ed Hadis Karim...
byindmujoff
 
Running head SMART GRID .docx
bytodd521
 
Evaluation of cybersecurity threats -mdms.pdf
byBhekumuzi Xaba
 
Smart Grid Systems Based Survey on Cyber Security Issues
byjournalBEEI
 
Utilization of Encryption for Security in SCADA Networks
byInternational Journal of Engineering Inventions www.ijeijournal.com
 
23 9754 assessment paper id 0023 (ed l)2
byIAESIJEECS
 
IRJET- Edge Deployed Cyber Security Hardware Architecture for Energy Delivery...
byIRJET Journal
 
Smart grid networks and security architecture: Threat analysis, threat scenar...
byJohn-André Bjørkhaug
 
US Power Grid Vs. Smart Grid
byJosh Wentz
 
Cybersecurity of powergrid
byRajesh Sawale
 

More from nilesh405711

PPT
Network-20210426203825.ppt
bynilesh405711
 
PDF
CHERUBIM_A_Secure_and_Highly_Parallel_Cross-Shard_Consensus_Using_Quadruple_P...
bynilesh405711
 
PPT
lecture02-cpp.ppt
bynilesh405711
 
PDF
DQDB notes.pdf
bynilesh405711
 
PPTX
Frame-Script and Predicate logic.pptx
bynilesh405711
 
PDF
Smart_Land_Registration_Using_BlockChain.pdf
bynilesh405711
 
PDF
A_Cooperative_PoW_and_Incentive_Mechanism_for_Blockchain_in_Edge_Computing.pdf
bynilesh405711
 
PPT
Introduction06.ppt
bynilesh405711
 
PDF
Smart_Land_Registration_Using_BlockChain.pdf
bynilesh405711
 
DOCX
practical 9.docx
bynilesh405711
 
PPTX
New Microsoft PowerPoint Presentation.pptx
bynilesh405711
 
Network-20210426203825.ppt
bynilesh405711
 
CHERUBIM_A_Secure_and_Highly_Parallel_Cross-Shard_Consensus_Using_Quadruple_P...
bynilesh405711
 
lecture02-cpp.ppt
bynilesh405711
 
DQDB notes.pdf
bynilesh405711
 
Frame-Script and Predicate logic.pptx
bynilesh405711
 
Smart_Land_Registration_Using_BlockChain.pdf
bynilesh405711
 
A_Cooperative_PoW_and_Incentive_Mechanism_for_Blockchain_in_Edge_Computing.pdf
bynilesh405711
 
Introduction06.ppt
bynilesh405711
 
Smart_Land_Registration_Using_BlockChain.pdf
bynilesh405711
 
practical 9.docx
bynilesh405711
 
New Microsoft PowerPoint Presentation.pptx
bynilesh405711
 

Recently uploaded

PDF
BCS402 MICROCONTROLLERS MODULE 1
byAbhijith L Kotian
 
PPTX
Web Technology Overview with list of assignments along with the technology
byYogeshDeshmukh85
 
PDF
Requirement Engineering : Capturing the Requirements
byGunjalSanjay
 
PDF
Introduction to Software , Product and Process
byGunjalSanjay
 
PDF
Operating system Introduction to System Call
bySanjay Gunjal
 
PDF
1.39 inch Flexible Round AMOLED Display for Smartwatch
bySyluxdisplay
 
PDF
Software Engineering :Software Engineering Practice
byGunjalSanjay
 
PDF
CRYPTOCURRENCY FORENSICS: A COMPREHENSIVE REPORT ON TRACKING ILLICIT DIGITAL ...
byGarima Singh
 
PDF
BO139A454SPI 1.39″ Round AMOLED Display Module, 454×454, SPI & MIPI
bySyluxdisplay
 
PPTX
MET 464- MICRO AND AND NANO MANUFACTURING -MOD 2.pptx KTU 2019
byVINAY B
 
PPTX
Starter Generator Testing – Why It Is Critical for Aerospace & Defence Platforms
byNeometrix_Engineering_Pvt_Ltd
 
PPTX
PEMET 413 KTU 2024 MODULE 2 LECTURE 3.pptx
byVINAY B
 
PDF
Lathe Machine: Definition, Parts, Types, Working and Operations
byAatif Razi
 
PDF
Seminar topic on scaffolding and its types.pdf
byMOTOSIFSHAIKH
 
PDF
22PEOIT4C_Artificial_Intelligence_UNIT_III_Notes_Final
byGuru Nanak Technical Institutions
 
PPTX
An Early Production Facility (EPF) is a modular, temporary system for rapidly...
byDrAdelSalem1
 
PPTX
Operational Amplifier (op - amp), types of op amp
byVaishaliVaishali14
 
PPTX
TechSprint Intro Session GDGOC PUSSGRC
bykashvidua39
 
PPTX
Ion exchange or demineralization to soften water.pptx
byChemical Engineering Dept. NIT Rourkela-769008, Odisha, India
 
PPTX
Diagram of Control Valves used in Industrial Fluid Power.pptx
bySBM Polytechnic
 
BCS402 MICROCONTROLLERS MODULE 1
byAbhijith L Kotian
 
Web Technology Overview with list of assignments along with the technology
byYogeshDeshmukh85
 
Requirement Engineering : Capturing the Requirements
byGunjalSanjay
 
Introduction to Software , Product and Process
byGunjalSanjay
 
Operating system Introduction to System Call
bySanjay Gunjal
 
1.39 inch Flexible Round AMOLED Display for Smartwatch
bySyluxdisplay
 
Software Engineering :Software Engineering Practice
byGunjalSanjay
 
CRYPTOCURRENCY FORENSICS: A COMPREHENSIVE REPORT ON TRACKING ILLICIT DIGITAL ...
byGarima Singh
 
BO139A454SPI 1.39″ Round AMOLED Display Module, 454×454, SPI & MIPI
bySyluxdisplay
 
MET 464- MICRO AND AND NANO MANUFACTURING -MOD 2.pptx KTU 2019
byVINAY B
 
Starter Generator Testing – Why It Is Critical for Aerospace & Defence Platforms
byNeometrix_Engineering_Pvt_Ltd
 
PEMET 413 KTU 2024 MODULE 2 LECTURE 3.pptx
byVINAY B
 
Lathe Machine: Definition, Parts, Types, Working and Operations
byAatif Razi
 
Seminar topic on scaffolding and its types.pdf
byMOTOSIFSHAIKH
 
22PEOIT4C_Artificial_Intelligence_UNIT_III_Notes_Final
byGuru Nanak Technical Institutions
 
An Early Production Facility (EPF) is a modular, temporary system for rapidly...
byDrAdelSalem1
 
Operational Amplifier (op - amp), types of op amp
byVaishaliVaishali14
 
TechSprint Intro Session GDGOC PUSSGRC
bykashvidua39
 
Ion exchange or demineralization to soften water.pptx
byChemical Engineering Dept. NIT Rourkela-769008, Odisha, India
 
Diagram of Control Valves used in Industrial Fluid Power.pptx
bySBM Polytechnic
 

A_Review_of_Cybersecurity_in_Grid-Connected_Power_Electronics_Converters_Vulnerabilities_Countermeasures_and_Testbeds.pdf

  • 1.
    Received 14 September2023, accepted 7 October 2023, date of publication 12 October 2023, date of current version 18 October 2023. Digital Object Identifier 10.1109/ACCESS.2023.3324177 A Review of Cybersecurity in Grid-Connected Power Electronics Converters: Vulnerabilities, Countermeasures, and Testbeds RUIYUN FU , (Senior Member, IEEE), MARY E. LICHTENWALNER, AND THOMAS J. JOHNSON Department of Electrical and Computer Engineering, Mercer University, Macon, GA 31207, USA Corresponding author: Ruiyun Fu (fu_r@mercer.edu) This work was supported in part by the Mercer University Seed Grants Program. ABSTRACT With the increasing installations of solar energy, electric vehicles, and other distributed energy resources and the deeper developments of digitalization and standardization, cybersecurity became more and more essential and critical in modern power systems. Unfortunately, most prior research work focuses on the cybersecurity of power transmission and distribution networks other than distributed energy devices and their grid-connected power converters. Focusing on the Grid-Connected Power Electronics Converters (GCPECs), this article does a comprehensive review of existing outcomes from selected references, in the aspects of vulnerabilities, countermeasures, and testbeds. By analyzing the GCPEC’s layout and countermeasure can- didates, it is found that the vulnerabilities of GCPECs include both cyber and physical layers that are easily accessible to malicious hackers. These vulnerabilities in the two layers must be considered simultaneously and coordinate well with each other. Especially, hardware hardening is an essential approach to enhance cybersecurity within GCPECs. It is also noticed that the detection and mitigation approaches should consider the complexity of algorithms to be applied and assess the limits of computing and data processing capabilities in GCPECs while evaluating the feasibility of countermeasure candidates to cyberattacks in testbeds. In addition, the countermeasures should meet relevant standards, such as IEEE-1547.1, IEEE-2030.5, IEC- 61850, and IEC-62351, to ensure the interoperability and cybersecurity of GCPEC devices in smart grids. Finally, based on the review and analysis, four recommendations are raised for future research on GCPEC’s cybersecurity and their applications in smart grids. INDEX TERMS Countermeasure, cybersecurity, grid-connected, power converter, power electronics, smart grid, testbed, vulnerability. ACRONYMS AC Alternative Current. ADC Analog-to-Digital Conversion. APT Advanced Persistent Threat. ARP Address Resolution Protocol. AWS Amazon Web Service. BAS Blockchain-Assisted Smart. BMS Battery Management System. CAN Controller Area Network. CPLD Complex Programmable Logic Device. The associate editor coordinating the review of this manuscript and approving it for publication was Yuh-Shyan Hwang . CPPS Cyber-physical Power System. CSIP Common Smart Inverter Profile. CSPR Cybersecure Power Router. DAC Digital-to-Analog Conversion. DC Direct Current. DER Distributed Energy Resources. DSP Digital Signal Processor. E2E End-to-End. EPS Electric Power System. ESS Energy Storage System. FDIA False Data Injection Attack. FL Federated Learning. FPGA Field-Programmable Gate Arrays. FSM Finite State machine. VOLUME 11, 2023 2023 The Authors. This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 License. For more information, see https://creativecommons.org/licenses/by-nc-nd/4.0/ 113543
  • 2.
    R. Fu etal.: Review of Cybersecurity in GCPECs: Vulnerabilities, Countermeasures, and Testbeds GCPEC Grid-Connected Power Electronics Converters. GOOSE Generic Object-oriented Substation Event. HIL Hardware-in-the-Loop. HVDC High-voltage Direct Current. IDS Intrusion Detection System. IoT Internet-of-Things. IT Information Technology. LAN Local Area Network. M2C Modular Multilevel Converter. MCU Microcontroller Unit. MITM Man-in-the Middle. ML Machine Learning. MMS Manufacturing Message Specification. MPC Model Predictive Controller. NN Neural Network. OBC Onboard Charging. OT Operating Technology. OTP One-Time Password. PCC Point of Common Coupling. PEDG Power Electronics-Dominated Grid. PQC Quantum Key Distribution. PIC Proportional Integral Controller. PQC Post-Quantum Cryptography. PWM Pulse-Width Modulation. QKD Quantum Key Distribution. RL Reinforcement Learning. ROCOF Rate of Change of Frequency. RT Real Time. SVP System Validation Platform. WBG Wide-Bandgap. µPMU Micro Phasor Measurement Unit. I. INTRODUCTION With the rapid developments of information technology (IT) and smart grids in the past two decades, more and more dis- tributed energy resources (DERs) and energy storage systems (ESSs) are integrating into modern electric power systems. The advanced IT and smart grid techniques bring in many benefits, such as reduced emissions and fuel consumption, easy integration and management of DERs and ESSs, instant feedback of energy production and consumption, seam- less fault diagnose, and more efficient energy management depending on demand. Meanwhile, with the deeper digi- talization and standardization in smart grids, cybersecurity became a critical threat and an essential issue to be solved in electric power systems. A. HISTORY OF CYBERSECURITY IN ELECTRIC POWER SYSTEMS By investigating the history of electric power systems and the applications of digital technology and communication networks nowadays, it was pointed out that the cyberse- curity concern was caused by ‘‘the concept of security by obscurity is compromised’’, due to the negative impact of replacing old-time SCADA systems with modern digitalized communication networks as well as standardizing the names and instructions in modern power systems [1]. In traditional power systems, the communication networks were hardwired with copper wires to coordinate a very limited number of devices for a very specific reason and there was no require- ment for extensive communication/connection to the outside world. Therefore, the ‘‘old-time’’ SCADA systems are physi- cally secured. The only way to hack the system is by sneaking into the substation and implementing a physical connec- tion to the hardwired network to compromise the system. Unfortunately, the application of digital techniques and the standardization of communication networks create accessi- ble cybersecurity vulnerabilities and thus open back doors to hackers in smart grids. Indeed, digital components and devices have replaced analog components and devices sig- nificantly in many applications, to provide better and flexible controllability, easy operation and maintenance, and easy data collection. But it also compromises the physical security of the system and enables easy access to communication net- works, including malicious hackers. Moreover, although the application of the standard IEC-61850 benefits the interoper- ability among various smart-grid power devices in a modern power system, it causes the loss of cybersecurity by obscurity and the easily-identified legitimate models and data objects to hackers at the same time. Therefore, new techniques should be explored to detect and mitigate the cybersecurity vulnera- bilities brought into modern power systems unintentionally. It should be clearly stated that a smart grid is a cyber-physical system and its cybersecurity has physical lim- itations in hardware to apply some encryption algorithms for cybersecurity. Comparatively, for a pure cyber system like the telecommunication system for banking, the cybersecurity is very mature to make sure messages are sent encrypted with- out any malicious modifications to the intended recipients only [1]. In this way, the cybersecurity study in smart grids should always consider the physical limitations in hardware to ensure the proposed countermeasures are executable in practice. As the largest cyber-physical systems in the world, electric power utilities are vulnerable to cyberattacks. The mostly- recent notable cyberattack was the false data injection attack on the power distribution system in Kyiv, Ukraine, on December 23rd, 2015. The control centers of three Ukrainian electricity distribution companies were remotely accessed. Taking control of the facilities’ SCADA systems, malicious actors opened breakers at some 30 distribution substations in the capital city Kyiv and the western Ivano- Frankivsk region, causing more than 200,000 consumers to lose power for a couple of hours [2]. To mitigate the cyber- attack threats, many power companies, national research institutes and agencies, and academic researchers around the world have spent a lot of effort in time and investment on the projects/programs/trails to enhance the cybersecu- rity of smart grids, as some examples listed in Table 9 of [3]. The vulnerabilities of the communication in smart grids were introduced by the standard IEC-62351, which collects 113544 VOLUME 11, 2023
  • 3.
    R. Fu etal.: Review of Cybersecurity in GCPECs: Vulnerabilities, Countermeasures, and Testbeds FIGURE 1. Hierarchical cyber-physical structure of smart grids. security mechanisms and how to apply them to time-sensitive networking [4]. B. RISE OF CYBERSECURITY ISSUES IN GRID-CONNECTED POWER ELECTRONICS CONVERTERS As a hierarchical system, the cyber-physical structure of smart grids is indicated in Fig. 1. In the system, the power net- works interface to their relevant communication networks via sensors and control signals in the analog-to-digital conversion (ADC) and digital-to-analog conversion (DAC) approaches. The information on power generation, delivery, and consump- tion is exchanged across the communication networks. With the application of advanced IT and power control techniques, bidirectional power flow can be implemented in smart grids compared to the unidirectional power flow in traditional power systems. Typically, the transmission and distribution networks are managed and maintained by power companies, which are not easily accessible to hackers to launch physical- oriented cyberattacks. But the distributed energy devices (such as the solar power systems, ESSs, and EVs shown in Fig. 1) are managed by individual users (residents, commer- cial owners, etc.) and locate at the user’s facilities, which are relatively easy to be physically accessed and become an ‘‘open door’’ to hackers to launch malicious cyberattacks. So, grid-connected power electronics converters (GCPECs) are very vulnerable to cyberattacks. And the cybersecurity of distributed grid-connected power converters influences the safety and reliability of smart grids directly. Unfortunately, most prior research work focuses on the cybersecurity of power transmission and distribution net- works other than distributed energy devices and their grid-connected power converters. For example, in 2023 paper [5] introduced a Federated Learning (FL)-based smart grid anomaly detection scheme where machine-learning (ML) models are trained in a distributed manner by each smart meter device without requiring to share its local data with a central server. This proposed method demonstrated efficient operation in terms of memory, CPU usage, bandwidth, and power consumption at edge hardware. Targeting the cyberse- curity of power transmission and distribution networks, there were numerous accomplishments presented at professional power system conferences, such as the IEEE Innovative Smart Grid Technologies (IGST) and the IEEE Power and Energy Society General Meeting (PES-GM) hosted by the IEEE Power and Energy Society (PES), and published at the journals of IEEE and IET transactions. Comparatively, there was very limited study on the cybersecurity of GCPEC, especially on the physical layer of GCPEC, up to date. That is the reason there were a couple of workshops and symposia the IEEE Power Electronics Society created in recent years: the CyberPEL in 2019 and 2020, and the Design Methodolo- gies Conference (DMC) in 2021 and 2022 [6]. Also, paper [7] of 2023 studied the cybersecurity of smart inverters and inverter-based systems like microgrids. Therefore, focusing on the cybersecurity characteristics of GCPEC, this article does a comprehensive review of existing outcomes from selected references and raised some recom- mendations to the future work of enhancing the cybersecurity of GCPEC. The main contributions of the work can be sum- marized as follows: 1) This article provides a detailed overview of GCPEC’s layout, structure, and features. Based on these, the cybersecurity vulnerabilities of GCPEC and their impacts on smart grid operations were discussed, which lead to a classification of cybersecurity vulnerabilities depending on their relationships to the interior structure and components of GCPEC; 2) This article performs a comprehensive review of cybersecurity countermeasures, focusing on the ones mostly-relevant to GCPEC and proven effective. Mit- igation approaches against cyberattacks were intro- duced in different aspects: the cyber layer, the physical layer, and the coordination to cybersecurity standards; 3) This article also presents several hardware testbeds for the cybersecurity study of GCPECs. These testbed examples are groundbreaking efforts and can be used by peers as reference to explore and design suitable hardware testbeds to meet their own cybersecurity val- idation needs; 4) This article raises some recommendations as potential directions for future research on cybersecurity vulner- abilities, countermeasures, and testbeds for GCPECs. This paper focuses on the GCPEC’s cybersecurity issues and thus no superfluous statement on the cybersecurity of power transmission and distribution systems is included herein. This paper presents and analyzes the cybersecurity of GCPEC, in the aspects of vulnerabilities, countermeasures, and testbeds. The following sections are organized as fol- lows: Section II introduces the GCPEC and its interactions with distributed energy devices and smart grids briefly, and then reveals its relevant vulnerabilities in cybersecurity; Section III explores the countermeasure ideas and approaches VOLUME 11, 2023 113545
  • 4.
    R. Fu etal.: Review of Cybersecurity in GCPECs: Vulnerabilities, Countermeasures, and Testbeds to different cyberattacks and analyzes their performances, as well as their coordination to cybersecurity standards; Section IV demonstrates some testbed examples to validate cybersecurity solutions for GCPEC; and finally, Section V discusses some recommendations for future study, which lead to a conclusion drawn in Section VI. II. VULNERABILITIES OF CYBERSECURITY This section introduces the layout of GCPEC and its interac- tions with distributed energy devices and smart grids. After that, based on the structure and features of GCPEC, the vulnerabilities of GCPEC and their impacts on smart grid operations are reviewed and discussed. A. LAYOUT OF GCPEC Fig. 2 shows the general structure and major components of GCPEC. The GCPEC mainly consists of two sections: one is the ‘‘Power Electronics Conversion’’ to handle the voltage and frequency conversions of electric power between the direct-current (DC) power of distributed energy devices and the tie point of three-phase alternative-current (AC) power of utility grids, i.e., the ‘‘Grid Tie’’ shown in Fig. 2; the other one the ‘‘Communication Module’’ to collect, exchange, and share power information, data, and command with the upstream communication devices in smart grids in real- time. One example is the internet-of-things (IoT) device, which is a collaboration of custom-designed technologies to interconnect internet-enabled physical devices and enable communication with each other through a wireless network. As some existing GCPEC devices invert dc power into ac format in a smart grid and deal with operation monitoring via telecommunications, they are often called ‘‘smart inverters’’ in some literature. FIGURE 2. The layout of GCPEC and its interconnections to distributed energy devices and smart grids. The dc power components within the distributed energy devices include solar panels and battery packs in ESSs and EVs. Due to the energy storage feature of batteries, bidirec- tional power converters should be adopted to support flexible energy storage and delivery to smart grids freely. For solar energy harvesting, there is unidirectional power delivery from solar panels to smart grids through GCPECs. Depending on the voltage level of dc power, the GCPEC can utilize a single-stage power conversion of ‘‘DC-AC’’ or a dual-stage power conversion of ‘‘DC-DC-AC’’ with an additional dc booster. Based on Fig. 2, it is noticed that cyberattacks can be launched against either the power conversion section physi- cally or the communication module in cyber. Therefore, the cybersecurity of GCPEC is not a sole cyber issue anymore and its vulnerabilities in hardware and related hardening approaches should be considered. B. VULNERABILITIES OF GCPEC 1) PRIOR CASES OF VULNERABILITY STUDY Previously, the firmware vulnerabilities in power electronics converters were discussed in [8]. These firmware attacks have the potential to ‘‘disrupt power, damage inverter systems, threaten human health and safety, and harm economic loss’’ [9], [10]. There are three major attack points in the firmware attack surface: 1) vendor access via a regular software update and maintenance network remotely; 2) user access via user remote interface; and 3) user physical access via USB flash drive or local area network (LAN) [9]. Focusing on a battery management system (BMS), paper [11] summarized five common attack points: 1) network vul- nerability, 2) software/firmware vulnerability, 3) data storage vulnerability, 4) on-board interface vulnerability, and 5) hard- ware component security vulnerability. These vulnerabilities include weaknesses in both the physical layer and cyber layer within the battery management system. Also, based on an EV charger, various data integrity attacks on power electronics hardware were analyzed in [12]. According to the comprehensive control scheme for the onboard-charging (OBC) control, there are four major types of cybersecurity threats classified for the OBC system: modi- fication, interference, interruption, and interception [13] [14]. By applying and modeling these cyberattacks in the OBC system, they can be generally classified into control-based attacks and hardware-based attacks. In control-based attacks, cyberattacks can be launched toward the controller area net- work (CAN) communication bus and the side channels of field-programmable gate arrays (FPGA) in the OBC sys- tem. And hardware-based attacks can occur to disable the hardware circuitry of the OBC system, such as the sudden loss of load, grid-side short circuit, sudden loss of the input, etc. These hardware attacks may disable the OBC system permanently and cause personnel to be hurt or even die in practice. Actually, these classified vulnerabilities can be broadly expanded to other communication networks, micro- controllers, and hardware circuitries in power electronics devices [12]. Moreover, as discussed in Section I - ‘‘Introduction’’, the deeper standardization of the smart grid introduced cyber- security vulnerabilities. Paper [15] revealed the possible cyberattacks on smart inverters (SIs) via changing the critical points in their operation modes. As IEC/TR 61850-90-7 [16] defines nine standardized interoperability function modes for distributed energy resources, seven power-related function modes are in charge of SI’s operation, in the aspects of active/reactive power control and frequency control. Dif- ferent from volt-var control in other literature, paper [15] 113546 VOLUME 11, 2023
  • 5.
    R. Fu etal.: Review of Cybersecurity in GCPECs: Vulnerabilities, Countermeasures, and Testbeds focuses on the volt-watt management capability in the two standard modes named ‘‘VW51’’ and ‘‘VW52’’. The stan- dard ‘‘VW51’’ curve is designed for the generation to avoid SI causing overvoltage in the system, while the standard ‘‘VW52’’ curve being used for charging against overvoltage in the system. The two standard curves might be compro- mised by a hacker and thus their operating points are badly tampered with. This research in [15] has demonstrated this vulnerability in SI, which can cause disastrous consequences in power systems. In addition, there was research on the cybersecurity related to quantum computing. In 2021, paper [17] firstly introduced the vulnerabilities of quantum security for power infrastruc- tures including distributed energy resources (DERs). As a ground-breaking technology, quantum computing pushes the boundary of cybersecurity. Due to its superfast computing (theoretically, trillion-level faster than a conventional classi- cal computer), quantum computing attacks can break most of the latest cryptography algorithms. As countermeasures, there were two promising quantum-safe technologies: quan- tum key distribution (QKD), and post-quantum cryptography (PQC) evaluated in [17]. The QKD generates a one-time pass- word (OTP) through the quantum channel to continuously provide the secret keys for OTP based on physical laws. The PQC technology requires the computational capability of the DER should be sufficient to meet the requirements of PQC algorithms. Five types of PQC were compared and draw the conclusion that the PQC requires longer latency than the one- PQC algorithm. Therefore, it is expected that PQC can be applied to the DER network with 5G data transmission speed. Based on the analysis, it was recommended that: 1) it will be practical solutions to develop cost-effective quantum devices and a server-based QKD network, say ‘‘apples to apples’’; 2) since QKD does not encrypt data itself, it still requires PQC to achieve quantum-safe security; and 3) when only PQC is adopted for quantum-safe security, the advanced communi- cation network with high transmission speed is required or a light-weight PQC should also be developed. 2) DISCUSSION ON GCPEC’S VULNERABILITIES By reviewing the GCPEC’s vulnerabilities explored in the previous studies, it is noticed that: no matter whether it is a battery management system, an EV charger, a smart inverter for solar panel, or any other type of grid-connected power electronics converter, the interior structures of these GCPEC devices are similar and mainly consists of the main power circuit and auxiliary circuits, the drive circuit and sensors, and the controller that communicates upstream networks. The main power circuit handles the electric power flow through GCPEC, either unidirectional or bidirectional. The configu- ration of the main power circuit is determined by the topology of GCPEC and its power semiconductor devices. The other main component is the controller, which communicates to the upstream commander through communication networks, pro- cesses the control commands and sensor feedback, monitors the GCPEC’s status, and generates signals to control the behavior of power semiconductor devices through the driver circuit. The controller can be carried on various analog and digital electronics controllers, such as digital signal proces- sors (DSPs), FPGAs, microcontroller units (MCUs), etc. The drive circuit enlarges the power level of the control signal to drive the power semiconductor devices in the main power circuit. Both the sensors and driver circuits serve as the interfaces between the main power circuit and the controller. In addition, there are auxiliary circuits to protect the GCPEC devices and personnel of operation and maintenance. FIGURE 3. Classification of cybersecurity vulnerabilities, and their relationships to the interior structure and components of GCPEC. Depending on the vulnerability’s discussion and the anal- ysis of GCPEC’s interior structure, cyberattacks can be launched through cyber layers, such as communication net- work access, the firmware of IoT devices, and data storage ICs, as shown in Fig. 3. Also, the cyberattacks can be physically implemented via sensors, pulse-width modulation (PWM) and driver circuits, and system protective circuits, such as overcurrent/overvoltage protection, thermal protec- tion, etc. Fig. 3 illustrates the classification of these vulner- abilities and their relationships to the interior structure and components of GCPEC. These vulnerabilities are classified into: access attacks, firmware attacks, data storage attacks, PWM signal attacks, and protective circuit attacks. These vulnerabilities can be maliciously attacked by the means of cyber, physical, or both. These vulnerabilities are general cyberattack threats to the GCPEC devices and thus should be all considered and checked during the study of cyberse- curity countermeasures. Considering the unique features of quantum computing, the vulnerabilities of quantum security are excluded from the scope of this article. Based on the discussion above, the cybersecurity vulnerabilities and their relevant interior structure and components in the cyber and physical layers within GCPEC are classified in Table 1. III. COUNTERMEASURES OF CYBERSECURITY This section introduces the countermeasures of cybersecurity for GCPECs in three aspects: 1) the mitigation approaches to deal with the vulnerabilities at the cyber layer, such as the data VOLUME 11, 2023 113547
  • 6.
    R. Fu etal.: Review of Cybersecurity in GCPECs: Vulnerabilities, Countermeasures, and Testbeds TABLE 1. List of cybersecurity vulnerabilities in GCPEC devices. storage attack, firmware attack, and network access attack; 2) the mitigation approaches to overcome the vulnerabilities at the physical layer, say ‘‘hardware hardening’’ to GCPEC; and 3) the coordination to the existing and developing stan- dards relevant to the cybersecurity and GCPECs, such as the standards IEC-61850, IEC-62351, IEEE-1547.1, IEEE-1815, and IEEE-2030.5. The GCPECs should meet these standards to guarantee their cybersecurity and interoperability in smart grids. A. MITIGATION METHODS AGAINST CYBERATTACKS There are several methods explored to detect and mitigate cyberattacks for GCPECs, which are based on the techniques of blockchain and watermarking, as well as the PQV-limit model for intrusion detection. This subsection focuses on the mitigation methods for GCPEC’s cybersecurity issues and thus not include any superfluous statement on the mitigation methods for the cybersecurity of power transmission and distribution systems. The reviews of these study cases lead to the recommendation of future research in Section V-A. 1) BLOCKCHAIN TECHNIQUE Blockchain is a system of recording information in a way that makes it difficult or impossible to change, hack, or cheat the system. Blockchain is a shared, immutable ledger that facilitates the process of recording transactions and track- ing assets in a network. In 2020, paper [18] proposed a metering method based on the blockchain network in smart inverters. This method operates similarly to micro phasor measurement units (µPMUs) and is implemented by an IoT device as a local security node. The blockchain network was designed to validate measurement data, generate a metering ledger, manage ID, and store metering ledgers [18]. The proposed blockchain network focused on the utilization of blockchain smart contracts, which are self-executing scripts that execute the terms of contracts triggered by designated events. This method was proven by experimental tests on its improvement to the communication and data security of the IoT-enabled smart inverters. It helps to enhance visibility and situational awareness for advanced grid services. The proposed blockchain-assisted smart (BAS) inverters are cost- effective, which is estimated at only $20∼$100 versus a typical PMU of $2,000∼$5,000. This is an attractive feature to realize cost-effective cybersecurity solutions in GCPECs. Later in 2021, a blockchain-based firmware security check and recovery framework were proposed to mitigate the threats from firmware security attackers [9]. The blockchain proper- ties defined in the framework include: 1) permissioned and private network (membership service); 2) maintaining data integrity-the blockchain normally will not be altered after being committed into the ledger; 3) smart contracts define a set of rules to govern transactions within the network; and 4) distributed ledgers to avoid the point of a single attack. In 2021, a blockchain-based man-in-the middle (MITM) attack detection method was proposed for a PV system [19]. This method utilizes security modules attached to operating technology (OT) devices in a PV system and distributed blockchain network with users or vendors involved to build a cooperative data integrity validation ecosystem. Experimen- tal tests were performed to validate that this method can detect MITM attacks modifying in-transit data by keeping tracing authentication, integrity, and authorization of data, as well as providing security logs of the critical assets [19]. Furthermore, the blockchain technique was applied to enhance the cyber-physical security of BMSs in 2022 [11]. It was pointed out that BMS developers may overlook and neglect potential security-related vulnerabilities for current BMSs and future BMSs in cyber-physical environments. Therefore, the paper [11] firstly investigated this urgent chal- lenge and how to mitigate the cyberattacks on BMSs and introduced the infrastructure and features of the BMS with blockchain technology. It was highlighted that blockchain is a distributed data structure consisting of timestamped blocks and links between the blocks called ‘‘chains’’, and the blocks are inherently resistant to tampering and revision [20]. And a smart contract is an event-driven program that executes the terms of contracts with the state, which run on a replicated, shared blockchain ledger [20]. In this way, the BMS develop- ers can utilize the smart contract to implement an efficient trading workflow between the blockchain network and the physical world, i.e., the BMS in this application. Focusing on the five common attack points of BMSs stud- ied in [11] and described in Section II-B: 1) the network vulnerability, 2) the software/firmware vulnerability, 3) the data storage vulnerability, 4) the on-board interface vulnera- bility, and 5) the hardware component security vulnerability, blockchain technique was used to address all these vulnerabil- ities, respectively. For each common attack point, the relevant blockchain strategy was proposed and discussed for securing BMSs, as listed in Table 2. The paper [11] also compared several blockchain plat- forms and found the Hyperledger-Fabric is the most fea- sible for BMS applications. Besides the excellent features of other blockchain platforms, the Hyperledger-Fabric is a private and permissioned blockchain type, which requires less energy and computation. It has significantly less latency in a blockchain ledger creation without the requirement of transaction fees/coins. It also has the ability of running smart contracts. The paper [11] can serve as a baseline reference for the understanding and design of cybersecurity-related 113548 VOLUME 11, 2023
  • 7.
    R. Fu etal.: Review of Cybersecurity in GCPECs: Vulnerabilities, Countermeasures, and Testbeds TABLE 2. Cybersecurity vulnerabilities and their corresponding blockchain strategies (summarized from [11]). issues in BMS. Obviously, the blockchain technique can be expanded and generally applied against the cybersecurity vulnerabilities in GCPECs for smart grid operations. 2) WATERMARKING TECHNIQUE A digital watermark is a kind of marker covertly embedded in a noise-tolerant signal such as audio, video, or image data. It is typically used to identify ownership of the copyright of such signal. ‘‘Watermarking’’ is the process of hiding digital information in a carrier signal; the hidden information should, but does not need to, contain a relation to the carrier signal [34]. Digital watermarks may be used to verify the authentic- ity or integrity of the carrier signal or to show the identity of its owners. It is prominently used for tracing copyright infringements and for banknote authentication. In 2020, paper [35] introduced an active detection scheme based on the dynamic watermarking technique [36], [37] for cyberattacks in grid-tied PV systems. Further, in 2021 the dynamic watermarking technique was applied to detect the problem of attacks on sensor measurements, which forms a ‘‘robust cyber shield’’ named for grid-connected PV inverter system [38]. The tampering behavior on sensor measure- ments, a kind of fault data injection, can be detected to avoid instability in power inverter systems. The dynamic water- marking test equations are derived from the mathematical expression of the inverter control system for cyberattack judg- ment. The matrices ‘‘A’’ and ‘‘B’’ in these test equations are calculated from the system identification methodology [38]. The performance of the proposed robust cyber shield was demonstrated in simulation and experimental tests on a test system of a 5 kW PV inverter connected to a 240 V grid. It was noticed that a nonlinear load of 2.4 kW was included in the test system, to verify the impact of voltage harmonics introduced by the nonlinear load on the proposed detection scheme. The test results demonstrated that the proposed digi- tal watermarking algorithm can almost instantaneously detect tampering on sensor measurements, even if there is a nonlin- ear load in the system. These research activities verified the effectiveness of the watermarking technique in dealing with the false data injection into sensor measurements, as well as serving as potential resistance to general cyberattacks. 3) INTRUSION DETECTION BASED ON PQV LIMITS PQV limits can be used to identify three distinct operation regions of GCPEC: normal, safe, and abnormal. In 2020, an intrusion detection system (IDS) was proposed based on the theory of PQV limits in PV inverters [39]. This method can be used for cybersecurity detection in a distribution net- work with a high penetration of PV inverters, especially on false data injections. The IDS is based on the state-space model of grid-following inverters. Its design relies on the network topology, network inverters’ ratings, and controller specifications. The accuracy of this method is influenced by the impedance (Rgi and Lgi) in the network. Rgi and Lgi are the resistance and inductance seen by the ith distributed inverter from its local point of common coupling (PCC) to the main grid feeder bus terminal [39], respectively. The impedance can be determined by a graph theoretic approach [40] in the application. Based on the derived PQV contours, an IDS block diagram was developed in [39] for proactive intrusion detection. And its effectiveness was verified in the simulation tests of a power electronics-dominated grid (PEDG) with four 30 kVA grid-following inverters. Based on the analysis of the mitigation methods applied to GCPECs, the blockchain technique is based on distributed data structure and has a notable feature of low energy and computation capability from the controller of GCPEC. Com- paratively, the watermarking technique and the intrusion detection are all based on the mathematical modeling of GCPEC systems. The accuracy of the system parameter esti- mation has a direct effect on the effectiveness of cybersecurity mitigation. The mathematical models also require additional data storage space in the controller of GCPEC. This bur- den may block the application of these techniques on some GCPEC devices, which have limited computing and data storage capabilities. In addition, paper [41] introduced a noninvasive anomaly diagnosis mechanism to distinguish cyberattacks and faults in power electronics systems. This mechanism only requires locally-measured voltage and frequency as inputs and can distinguishes anomalies within 5 ms, which is the fastest diagnosis time per the authors’ best knowledge in 2023, com- pared to other existing anomaly diagnosis mechanisms [42], VOLUME 11, 2023 113549
  • 8.
    R. Fu etal.: Review of Cybersecurity in GCPECs: Vulnerabilities, Countermeasures, and Testbeds [43], [44]. The scheme of this mechanism was validated on two benchmark distribution systems: CIGRE LV distribution system and IEEE 37-bus distribution systems, using real-time (RT) simulations in OPAL-RT environment with HYPERSIM software and also on a hardware prototype [41]. Recently, some efforts were conducted to exploit vul- nerabilities of established countermeasures of cybersecurity for GCPEC. Paper [45] of 2023 proposed a reinforcement learning (RL)-based method to uncover the deficiencies of existing false data injection attack (FDIA) detectors used for modular multilevel converters (M2C) applications, a promi- nent solution for high-efficient long-distance high-voltage direct current (HVdc) transmission systems. Depending on the defined RL scheme, it is necessary define the following elements to use the RL technique for obtaining the FDIA attacker: 1) the inputs of the actor, which is the neural network (NN) that will define the attack, and the critic, another NN that evaluates the cost; 2) the output of the actor; 3) the reward function that drives the training; 4) the experiment design [45]. The effectiveness of this RL method was verified in HIL studies, which found that the attack sequences depend on the characteristics of the FDIA detector studies, i.e., the more sophisticated the FDIA detectors, the more complex attack sequences will be generated by the proposed RL-method. This method can help to improve the detection effectiveness of the current FDIA detectors available nowadays. B. HARDWARE HARDENING Hardware hardening is an essential approach to physically secure the safety of GCPEC’s operation and interconnected systems. To the best knowledge of the authors, up to date there were two hardware-hardening approaches developed to mitigate cyber threats physically in GCPECs and thus enhance the security of digital controller and driver circuitry, respectively. By studying these two cases, more novel meth- ods and designs of hardware hardening should be developed to strengthen the physical security of GCPEC further as discussed in Section V-B. 1) PARALLEL CONTROL FRAMEWORK In 2022, a parallel control framework was proposed against the impact of cyberattacks on the operation of power convert- ers [46]. The control framework consisted of a digital model predictive controller (MPC) and an analog proportional inte- gral controller (PIC), which were physically connected in parallel. When a cyberattack was detected, the digital MPC was isolated from the control loop and thus the analog PIC handled the control of the power converter. After the cyberat- tack disappeared, the MPC could be reconnected immediately and dominated the control loop again. In paper [46], a pulse width modulation (PWM) merging unit was designed to con- trol and select the PWM signals between MPC and PIC under normal conditions and the compromised conditions caused by cyberattacks. The mathematical model of the proposed paral- lel framework and the digital MPC design were introduced in [46] in detail. Due to the consideration of the PIC in parallel, the MPC design was more complicated than usual. But the added hardware for the parallel framework only included the extra PWM merging unit, a cyberattack detection unit, and some multiplexers, which made it a cost-effective solution to enhance the security of power converters via hardware hardening in practical applications. The proposed parallel framework was verified on a 1-kW buck converter prototype. The digital MPC was designed and coded on TI’s DSP TMS320F28335 [47]. The experimental tests were conducted to compare the performance of MPC and PIC, analyze the influence of parameter mismatching, and verify the effectiveness of the parallel control under cyberattacks, as well as the restoration of the system after the cyberattack disappeared or was removed. The experimen- tal results proved that the proposed parallel controller can provide good steady-state and dynamic performance in the cybersecurity of power converters. 2) SECURITY-ENHANCED DRIVER CIRCUIT In 2020, a new extra digital-logic circuit was proposed in [12] to enhance the security of the driver circuit in an OBC system. This simple circuitry was inserted between the controller and driver ICs to eliminate possible severe dc-link short-circuit failure and thus enhance the reliability of the OBC system. Since paper [12] revealed that this logic circuit can operate properly and safely up to 2 MHz switching in PWM, the new logic circuit can be generally applied to GCPECs with various power semiconductor switching devices, e.g., IGBTs and MOSFETs, including the traditional silicon-based ones and the emerging wide-bandgap (WBG) based and ultra- WBG ones. By studying the two hardware-hardening approaches, it is noticed that each approach provides one protection towards a particular hardware component within GCPEC. The parallel- control framework protects the digital controller and enables its continuous offline operation under cyberattack. And the security-enhanced driver circuit protects the switching logic of the driver circuit in GCPECs. Both hardware-hardening approaches cost-effectively implement their functions. In future, more innovative approaches should be invented to harden the other hardware components as shown in Fig. 3. In addition, in 2021 paper [48] introduced a method inte- grating the concepts of firmware hot-patching, digital twins, and active monitoring to realize an embedded online security into the cybersecurity protection of grid-connected devices. This method focuses on the control and hardware layer and embeds both an online digital twin and hot-patching methodology into the controls of a grid-connected device. The concept of a digital twin was described in [49], and the concept of hot-patching was introduced in [50], [51], [52], and [53]. This method will allow for firmware to be patched and validated from the control layer before it is activated to control the overall system, which adds an additional layer of protection. Paper [48] validated the effectiveness of the 113550 VOLUME 11, 2023
  • 9.
    R. Fu etal.: Review of Cybersecurity in GCPECs: Vulnerabilities, Countermeasures, and Testbeds proposed method on an embedded controller architecture consisting of an FPGA and two DSP controllers and various auxiliary components (as shown in the Fig. 2 of [48]). C. COORDINATION WITH CYBERSECURITY STANDARDS All GCPECs in smart grids should coordinate with certain requirements and protocols defined in relevant standards to ensure their interoperability and highly-secured cybersecurity in the system. Two sets of standards are discussed here: 1) IEC-61850 and IEC-62351, which regulate the commu- nication protocols and their cybersecurity countermeasures; and 2) IEEE-1547.1, IEEE-1815, and IEEE-2030.5, which regulate the interoperability of distributed energy resources in smart grids. Below are the descriptions and discussions on these standards, which can be used as references for the coordination study of GCPEC’s integration into smart grids with enhanced cybersecurity. 1) IEC-61850 AND IEC-62351 STANDARDS Standard IEC-61850 is an international standard defining communication protocols for intelligent electronic devices at electrical substations. From substations to grids, IEC-61850 has become the most promising communication standard for the integration and interoperation of power instruments and devices from various vendors in smart grids. To over- come the cybersecurity threats from the IEC-61850 evo- lution, IEC-62351 was developed to mitigate the threats by securing different IEC-61850 messages. The IEC-61850 message structures and the performance of security analysis by using IEC-62351 security mechanisms were conducted in [54]. Accordingly, IEC-62351 was developed for handling the security of the TC-57 series of protocols including the IEC-60870-5 series, IEC-60870-6 series, IEC-61850 series, IEC-61970 series & IEC-61968 series. It establishes a com- plete end-to-end (E2E) security model required for power system communications. Studying the background and security requirements in IEC-61850 power utility automation systems, there are four basic security requirements: confidentiality, integrity, avail- ability, and nonrepudiation [55]. Due to the two main factors of IEC-61850’s popularity: a) easy connection via Ethernet; and b) standardized message structures, it creates undesired cybersecurity vulnerabilities via the communication network of power systems. Paper [56] revealed that false data attacks can be identified by modifying generic object-oriented sub- station events (GOOSE) messages and trip circuit breakers in substations. Paper [57] concluded three types of so-called ‘‘GOOSE poisoning’’, which include high-status number attacks, high-rate flooding attacks, and semantic attacks [58], [59], [60]. And paper [61] demonstrated a Man-In-The- Middle (MITM) attack on the IEC-61850 manufacturing message specification (MMS) messages by the address res- olution protocol (ARP) spoofing. These different types of security attacks and their relevant requirements in IEC-61850 automation systems were summarized in [54]. To mitigate these false data attacks, IEC-62351 provides smart grids E2E cybersecurity measures and solutions. Three security requirements specified by IEC-62351 for different IEC-61850 messages were analyzed in [54]: a) GOOSE and SV messages. The ‘‘SV’’ is shorted for ‘‘sampled val- ues’’; b) R-GOOSE and R-SV messages. The ‘‘R’’ represents ‘‘routable’’. These messages are essentially the same as the first category ones but can be routed to different LANs and WANs, which could extend their operations domain signifi- cantly but also introduce additional cybersecurity vulnerabil- ities; and c) MMS messages used for P2P communications. From the analysis, it was found that the use of the RSA digital signature defined in the IEC-62351-6 standard for securing GOOSE and SV does not meet the timing considerations of IEC-61850 in [54]. It was also highlighted that ‘‘The IEC-61850-90-5 stipulates that for R-GOOSE and R-SV, the information authenticity and integrity are mandatory require- ments, while the confidentiality is left as optional.’’ and ‘‘for the optional confidentiality of R-GOOSE/R-SV messages, IEC-61850-90-5 recommends the use of encryption algo- rithms, such as AES-128 and AES-256 algorithms’’. Also, the packet format and signature algorithms were described for the secure R-GOOSE and R-SV messages in [54]. In addition, for MMS client-server messages, the security issues were analyzed for the transport profile and application profile, respectively. The recommended cryptographic algorithms for the E2E security profile were listed in [54], which can be used as a good reference to understand the cybersecurity vulner- abilities of IEC-61850 messages. It recommended solutions in IEC-62351 to explore cybersecurity solutions for the IEC- 61850-based substations and smart grids, in consideration of timing limitations in practice. Paper [4] introduced vulner- abilities of the communication in smart grids and revealed the security mechanisms collected by IEC-62351 and how to apply them to time-sensitive networking. Moreover, there are a couple of tables and figures that can be used as good references to understand the relationships between IEC-61850 and IEC-62351 standards and different security threats and measures, as listed in Table 3. Paper [62] of 2022 demonstrated a design of smart controller for managing penetration of renewable energy in a smart grid by integrating the IEC-61850 communication layer and physical intelligent electronic devices. 2) IEEE-1547.1, IEEE-1815, AND IEEE-2030.5 STANDARDS Since the introduction of renewable energy resources and distributed power generations, the standard IEEE-1547-2013 was developed in 2013 to define the technical specifica- tions and testing of the interconnection and interoperability between utility electric power systems (EPSs) and dis- tributed energy resources (DERs). In 2018, the standard IEEE-1547-2018 was updated to include standardized inter- operability. Later, in 2020, the standard IEEE-1547.1 doc- umented the step-by-step test procedure for evaluating the interoperability requirements of IEEE-1547-2018. Besides the IEEE-1547 series standards, the Nationally Recognized VOLUME 11, 2023 113551
  • 10.
    R. Fu etal.: Review of Cybersecurity in GCPECs: Vulnerabilities, Countermeasures, and Testbeds TABLE 3. A list of table and figure references selected from [4] and [54]. Testing Laboratories (NRTLs) certified DER’s compliance with Underwriters Laboratories (UL) 1741 [63], [64]. The IEEE-2030.5 is a standard for communications between the smart grid and consumers, which uses IoT concepts and gives consumers a variety of means to manage their energy usage and generation. Generally, there are four compliance protocols focusing on the DER’s compliance as described in [63] and listed in Table 4 herein. The UL-1741 supplement A (SA) is a safety test standard to certify products, which meet the require- ments of safety and reliability in operation in support of grid modernization efforts. It validates compliance for grid support utility interactive inverters, i.e., the ‘‘smart inverters’’, functionally. TABLE 4. A list of four compliance protocols on DER’s compliance (summarized from [63]). Paper [63] used four test devices to demonstrate an open-source framework for the evaluation of DER’s interoperability: a) a SunSpec DER Simulator with a SunSpec Modbus interface; b) an EPRI-developed DER simulator with an IEEE-1815 interface; c) a Kitu Systems DER simulator with an IEEE-2030.5 interface; and d) an EPRI IEEE- 2030.5-to-Modbus converter. The Table. 2 and Table. 3 of [63] listed the information of different interoperability tests required and mandated in IEEE-1547.1 for each protocol, including the nameplate data tests, configuration information tests, monitoring information tests, and various management information tests, respectively. The open-source framework is openly available to DER vendors, utility operators, cer- tification laboratories, and research institutions to evaluate and analyze the target DER’s interoperability performance, in the aspects of implementation, communication, testing, interoperation, and cybersecurity. Three information models for IEEE-1547 functionality were used to validate the interoperability of multiple DER simulators: a) 700-series SunSpec Modbus model definitions [76]; b) DNP3 application note [77]; and c) common smart inverter profile (CSIP) [78]. Paper [63] represented the first detailed investigation of these information models using the DER interoperability certification procedure and was the first to demonstrate the IEEE-1547 communication proto- cols [63]. In their experiment work, the system validation platform (SVP) was connected to four DER end-point sim- ulators, which each used an IEEE-1547-mandated protocol: SunSpec DER, IEEE-1815 DER, IEEE-2030.5 DER #1, and IEEE-2030.5 DER #2. It was highlighted that ‘‘the IEEE 1547.1 testing is not a comprehensive interoperability test sequence. It is designed to verify a basic level of function- ality to demonstrate the DER communication interface is connected appropriately to the electrical control and mea- surement capabilities of the DER’’ [63]. Therefore, separate certification programs and activities may need to be con- ducted to fully validate the communication capabilities of DER, depending on the requirements of interoperability in utility grids. Based on the features of simulators, the authors of [63] from Sandia National Laboratories, SunSpec Alliance, and Electric Power Research Institute (EPRI) conducted a series of tests on the prototype DER devices to assess the IEEE- 1547.1 interoperability. These tests included the nameplate data tests, the configuration data tests, the monitoring infor- mation tests, and the management information tests. From the experiment process, a couple of issues were explored with the IEEE-1547.1 test procedure, the information mod- els, pySunSpec2, and the DER simulators running each of the protocols. This information and results are valuable to power companies, utility management and operators, and researchers from academia and institutes to assess the inter- operability performance of their DER products and pro- totypes. The SunSpec SVP Dashboard test platform [79] and relevant tables and figures described in [63] can be used by DER developers and researchers in the labora- tory to configure their own testbeds and plan tests as references. 113552 VOLUME 11, 2023
  • 11.
    R. Fu etal.: Review of Cybersecurity in GCPECs: Vulnerabilities, Countermeasures, and Testbeds Based on the state of the art of these standards, the mit- igation methods of GCPECs should be checked to ensure their compatibility with IEEE-1547.1, IEEE-1815, and IEEE- 2030.5 standards for system interoperability. At the same time, the mitigation methods of GCPECs can contribute to the development of IEC-61850 and IEC-62351 for cyberse- curity at GCPEC end, as an addition to the cybersecurity of transmission and distribution networks. IV. TESTBEDS FOR CYBERSECURITY VALIDATION In this section, several hardware testbeds are introduced for the cybersecurity study and experiments of GCPECs applied to DERs, PVs, and EVs. As a ‘‘new-new’’ technology, cases of cybersecurity validation in hardware are rare up to date. Therefore, these hardware testbeds are groundbreaking efforts and can be used by peers as references to explore and design suitable hardware testbeds to meet their own cybersecurity validation needs. A. TESTBED EXAMPLE #1 – ‘‘CSPR PROTOTYPE’’ A power cybersecure power router (CSPR) prototype was introduced in [80], which can route control of the power electronics converters between a primary controller and a sec- ondary controller, as well as a set of lockout signals. The pro- posed cybersecure scheme can avoid unfavorable interrupted operations in power converters, while the firmware of the power converters is being updated. The power-electronics- related cyber threats were summarized in a threat matrix in terms of assets, threats, and mitigation methods. The assets and threats were briefly discussed in the classifications of: 1) network communication, 2) firmware, 3) hardware, and 4) power processing. Many metrics and security fea- tures for these assets require little adaptation for the CSPR prototype [80]. The major components of the CSPR prototype are listed in Table 5. The interconnections of these major components were shown in a block diagram (as the Fig. 2 of [80]). The CSPR prototype was energized by a BK Precision power supply (model 1672) and delivered electric power to a dc load bank of 1.2 k. During experimental tests, the input power of the C prototype varied within [9.0, 25.0] V and up to 0.5 A. In the cyber layer of the CSPR prototype, a heartbeat was generated by each controller coded in the two TI DSPs and then supplied to a hardware-assisted monitor instantiated within the complex programmable logic device (CPLD) [80]. The heartbeat was used to evaluate the firmware integrity at run-time [81]. In addition, some other cyberse- curity mitigation methods were embedded into the CSPR prototype, such as AES-128 encryption, a key management system, and low-level hardware protections. The experiment results verified the enhancement of firmware security dur- ing run-time, booting/upgrading, and malfunction conditions. The CSPR prototype has notable features in control flexibil- ity and independent configuration for firmware security in grid-connected power electronics converters. TABLE 5. A list of major components in CSPR prototype (summarized from [80]). B. TESTBED EXAMPLE #2 – ‘‘PV-SYSTEM TESTBED’’ A PV system testbed with blockchain-assisted enhancement was introduced in [9] and [18]. The physical power layer mainly included PV simulators (i.e., dc power supplies), power inverters, resistive loads, and a blockchain network programmed in a PC. Each power inverter consisted of a 280-watt Texas Instrument (TI)’s solar microinverter [82] and a Lattepanda IoT device [83]. The Lattepanda IoT device acted as a local secure node to carry blockchain code and interfaced with a Piccolo TMS302F28035 DSP controller in the power inverters. In the cyber layer, the proposed blockchain was embedded into the Lattepanda via a software named ‘‘Hyberpedger-Composer’’. This testbed is suitable for laboratory experimental tests for cybersecurity method- ology verifications. Furthermore, paper [11] introduced a cyber-physical bat- tery testbed, which mainly consisted of three IoT-enabled battery modules, a local blockchain network, and an Amazon Web Services (AWS) cloud. A Lattepanda IoT device was connected to a TI’s BMS of model ‘‘bq76920EVM’’, which was used to monitor and manage five Li-ion battery cells. For the cyber layer of the testbed, a local blockchain network was designed and embedded into a PC, which interacted with the IoT devices and BMS. C. TESTBED EXAMPLE #3 – ‘‘DC-DC POWER CONVERTERS FOR HARDWARE HARDENING’’ DC-DC buck converter has a simple topology, a pulse width modulation, a driver circuit for the switching of power semi- conductor devices, and a possible connection to external IoT devices. It has all the necessary hardware components and software access points to serve as a good simple tested with various cyberattack targets. So, the dc-dc buck con- verter is suitable for cybersecurity study in power electronics, especially hardware hardening. There are two dc-dc power converter testbeds introduced in this article for hardware hardening in section III-B, i.e.,the parallel control framework, and the security-enhanced driver circuit. Based on the dc-dc power converter testbed in [12], Table 6 summarizes some potential methods to detect cyberattacks VOLUME 11, 2023 113553
  • 12.
    R. Fu etal.: Review of Cybersecurity in GCPECs: Vulnerabilities, Countermeasures, and Testbeds early and thus prevent hazardous failures as countermeasures to these classified vulnerabilities. The countermeasures for CAN protocol cybersecurity can be the same as the ones applied to communication networks, such as applying AI and blockchain techniques, for robust authentication and encryption algorithms. The potential solutions of FPGA’s side-channel-based attacks include two categories: a) mak- ing the victim logic more resilient to side-channel attacks; and b) making it more difficult for attackers to construct any power/delay monitoring circuits on an FPGA [12]. The security-enhanced driver circuit in section III-B implements hardware hardening to eliminate possible severe dc-link short-circuit failure and thus enhance the reliability of the OBC system. In addition, the DSP-based digital filters and intelligent data processing algorithms are implemented and validated in the OBC system to detect cyber and physical attacks successfully. Due to the similarity of cyber and phys- ical layouts of different power electronics devices shown in Fig. 2 and Fig. 3, these classified cyberattacks and proposed countermeasures can be generally applied to EV onboard chargers and other GCPECs. TABLE 6. Classification and countermeasures for the cybersecurity of OBC systems (summarized from [12]). These testbed examples can be used as references to design new hardware testbeds for specific purposes of cybersecurity validation. Table 7 compares the capabilities of the testbed examples mapping to the key components of GCPECs listed in Table 1. All these hardware testbeds include the key com- ponents of power conversion and control. The candidates of digital controllers include CPLD, DSP, and FPGA, which all can implement data collection and processing and PWM generation. Due to the focus on hardware hardening, there is no communication device in the testbed example #3 but com- munication modules can be added upon necessity. Testbed example #1 uses the BeagleBone Black to provide ethernet communication in a Linux environment, while testbed exam- ple #2 adopting the Lattepanda IoT device to operate in a Windows environment. Cybersecurity researchers can choose the right one for hardware testbeds based on their experience with the computer operating system. TABLE 7. Comparison of hardware testbed examples for GCPEC’s cybersecurity study. V. RECOMMENDATIONS FOR FUTURE RESEARCH This section states the discussions of some recommendations as potential directions for future research on cybersecurity vulnerabilities, countermeasures, and testbeds for GCPECs based on the literature and prior work reviewed and discussed in this article. These recommendations are categorized into four aspects: 1) feasibility assessment of cybersecurity detec- tion and mitigation methods; 2) novel hardware-hardening approaches; 3) coordination of cybersecurity standards and GCPEC design; and 4) development of new testbeds as the baseline for cybersecurity study. All these recommendations focus on GCPECs and their secure applications in smart grids A. ASSESS THE FEASIBILITY OF CYBERSECURITY DETECTION AND MITIGATION METHODS FOR GCPEC Besides the three cybersecurity detection and mitigation methods introduced in section III-A, i.e., the blockchain tech- nique, the watermarking technique, and the PQV-limit detec- tion method, there are many other cybersecurity detection methods proposed and studied for modern power systems. For instance, there are 38 cyberattack detection methods and 23 mitigation methods listed in Table 8 of [3], which covers most of the proposed methods for power systems up to date. It should be noticed that these proposed methods may or may not apply to GCPEC, even though they can be generally utilized as cybersecurity countermeasures at the transmission and distribution level. Compared to the computing units in broad power systems, the controller of GCPEC shown in Fig. 3 has relatively slower data processing, limited comput- ing capability, smaller data storage, and other shortages in function. These shortcomings in GCPEC’s controller result in limitations to apply certain proposed cybersecurity detection and mitigation methods. Therefore, the feasibility of poten- tial cybersecurity methods should be assessed via testing in GCPECs and their interaction with the cyber-physical layers upstream. Table 8 lists five requirements for the safety and security of communication in smart grid operations, which can be adopted in the assessment of GCPEC’s cybersecurity. Also, paper [1] discussed some concepts and implementations of certificate-based authentication and message integrity in smart grids. Especially, some tests were performed on an 113554 VOLUME 11, 2023
  • 13.
    R. Fu etal.: Review of Cybersecurity in GCPECs: Vulnerabilities, Countermeasures, and Testbeds Intel i5-3210M CPU @ 2.50GHz system to compare the performance of three digital signature algorithms (RSASSA- PKCS1-v1_5, RSASSA-PSS, and RSA). It was found that there are quite significant differences in signing time and verification time. Therefore, it is proven that it is essential to investigate different algorithms of cybersecurity solution and identify the appropriate ones for GCPEC’s operations, which provides sufficient cybersecurity while meeting the time-restricted requirements of GCPEC and its intercon- nected power system operations. TABLE 8. Requirements and their definitions for safe and secure communication (summarized in [1]). B. PROPOSE AND VERIFY NOVEL HARDWARE-HARDENING APPROACHES FOR GCPEC Different from power transmission and distribution networks, GCPECs are much more vulnerable to cyberattacks that are launched by accessing their physical components locally, such as all the attacks shown in Fig. 3 except the access attack through a communication network. Novel hardware hardening approaches shall be available to enable these two functions at least to enhance cybersecurity via hardware hardening: a) Non-modifiable physical components: the integrity of physical components in GCPECs shall be improved. As inevitable commonly-accessible components, the driver and sensor circuits can be developed in a module to avoid easy modification by hackers. The commonly- used I/O pins of the controller shall be packaged and secured to avoid unauthorized access by hackers; b) Analog-based circuits as a backup for sustainable oper- ation: when the communication network and/or local digital circuits are hacked and disabled, an analog- based circuit can be activated to keep GCPEC operating in standalone mode. It meets the need for sustainable power supply to local loads while avoiding pollution in distribution networks. Besides the parallel control framework introduced in section III-B1, novel backup circuits shall be developed for various components and topologies in GCPECs. Also, the coordination of novel hardware-hardening approaches and other existing approaches/components shall be investigated. For instance, the novel hardware-hardening approaches can coordinate with the adopted cybersecu- rity detection and mitigation approaches to realize seam- less operation. When a cyberattack is detected and the hardware-hardening approach is activated, there shall be a seamless transition from the pre-cyberattack condition to the hardware-hardening activated condition. Also, the analog circuit backup shall operate in coordination with the existing digital circuit well without any interference or disturbance. In addition, it should be noticed that the novel hardware-hardening approaches should not replace the con- ventional protective scheme, which protects GCPECs from various faults, such as short circuits and unbalanced loads. Each proposed hardware-hardening approach should be ver- ified in experimental testbeds to prove its effectiveness and study its applicability and constraints. C. COORDINATE DEVELOPING CYBERSECURITY STANDARDS FOR GCPEC DESIGN Since GCPECs equip communication network access and power circuit together via the communication components like IoT devices, both power-related and communication- related standards shall be considered in the cybersecurity of GCPEC design. The standards IEEE-1547.1 and IEEE- 2030.5 shall be used as references to study the interoperability between GCPECs and smart grids. And the standard IEC- 62351 can be used to explore cybersecurity solutions for the IEC-61850-based substations and smart grids while consid- ering the constraints of information processing capability in GCPECs. Moreover, the standard UL-1741 can be used to certify the GCPEC device’s compliance. And the standard IEC- 61850 can be used to study new cybersecurity vulnerabilities in GCPECs and smart grids. Keep in mind that all these standards are live documents and developing over time. It is essential to coordinate GCPEC’s design well with the up- to-date cybersecurity-related standards to ensure the cyberse- curity and interoperability of GCPEC devices in smart grids. D. DEVELOP BASELINE TESTBED FOR CYBERSECURITY STUDY OF GCPEC To generalize the cybersecurity study of GCPEC, the base- line testbeds of GCPEC’s cybersecurity should be developed by the task forces organized and supported by government research institutes and professional societies. It is analogous to the IEEE standard bus systems (e.g., the 9-bus, 14-bus, 30-bus, 39-bus, and 118-bus systems for transmission study, and the 34-bus system for distribution study) that can be used by researchers to implement new ideas and concepts in power systems. The configurations and instructions of these baseline testbeds can guide cybersecurity researchers to define their own specifications based on their particular VOLUME 11, 2023 113555
  • 14.
    R. Fu etal.: Review of Cybersecurity in GCPECs: Vulnerabilities, Countermeasures, and Testbeds needs. They can also be used by industrial designers to test their products to meet the requirements of cybersecurity standards and certification purposes. As shown in Fig. 2, these baseline testbeds should include ‘‘dc-dc’’ and ‘‘dc-dc- ac’’ topologies to meet the need for DERs, EVs, and PVs testing. In the specification, these testbeds should provide multiple communication approaches and accesses, such as internet, ethernet, and wireless connections. As nonstandard computing devices that wirelessly connect to a network with sensors, the IoT devices in the baseline testbeds should meet the communication protocols defined in the standard IEC- 61850 up to date. The standard IEC-62351 can be used to specify the cybersecurity countermeasures in the communi- cation parts of baseline testbeds. The baseline testbeds should meet the standards IEEE-1547.1 and IEEE-2030.5 for smart grid interconnection compatibility. Besides hardware testbeds, simulation models of the power system should be used to create a hardware-in-the-loop (HIL) environment [72], [85] to test the interoperability of GCPEC baseline testbeds and study their impacts on the power system’s operations. Paper [3] did a comprehensive review of modeling approaches, simulation software, and analysis methods to investigate the cyber security problems in cyber-physical power systems (CPPS). Table 9 summa- rizes the modeling approaches, depending on the interactions between the physical layer and cyber layer of CPPS, in the aspects of time, space, and scales. Tables 2∼4 of [3] list the characteristics of different schemes in attack graph modeling, the detailed taxonomy of network attack model, and the com- mon analytical models of power system applications under cyberattacks, respectively. Also, a list of common simulation tool candidates is presented in Table 5 of [3]. These tables and information can be used as good references for power system modeling for cybersecurity analysis. The hardware of the GCPEC prototype can be integrated and interact with the power system modeling in software in a HIL environment in real-time. Many commercial HIL components and systems can be considered for this application, such as the dSpace- 1104 R&D controller board [86], National Instruments (NI) HIL [87], OPAL-RT HIL [88], and Typhoon HIL [89]. Below are some examples of HIL testbed: 1. a real-time simulation in OPAL-RT environment with HYPERSIM software to emulate CIGRE LV distribu- tion system and IEEE 37-bus distribution systems [41]. The detailed description of the testbed can be referred from [90]; 2. a real-time simulation in Typhoon HIL environment to emulate a smart electric grid with the extension of IEC-61850 to electric vehicle aggregators for commu- nication [62]; 3. a HIL testbed consists of two PLECS-RT Box-1 HIL platforms and a dSPACE MicroLabBox unit, to emu- late a group of modular multilevel converters with FDIA detectors in HVdc transmission systems [45]; 4. a HIL testbed consists of a real-time grid simulator as OPAL-RT, a cyber system testbed using real network systems and a server, and penetration testing tools gen- erating live advanced persisteOnt threat (APT)-style attacks as real cyber events [91], [92]. These HIL testbeds simulate GCPEC’s behavior in real-time software environment, and have potential of being expanded to integrate actual GCPEC hardware as needed. TABLE 9. List of power system modeling approaches for cybersecurity analysis (summarized from [3]). VI. CONCLUSION In this article, the cybersecurity issues of grid-connected power electronics converters are reviewed comprehensively, in the aspects of vulnerabilities, countermeasures, and testbeds. The cybersecurity of GCPECs includes vulnera- bilities in both the cyber layer and physical layer, which must be considered simultaneously and coordinate well with each other. When evaluating the feasibility of countermea- sure candidates to cyberattacks, the detection and mitigation approaches should consider the complexity of algorithms to be applied and assess the limits of computing and data processing capabilities in GCPECs. At the same time, the countermeasures should meet their relevant standards (such as IEEE-1547.1, IEEE-2030.5, IEC-61850, and IEC-62351) to ensure the interoperability and cybersecurity of GCPEC devices in smart grids. 113556 VOLUME 11, 2023
  • 15.
    R. Fu etal.: Review of Cybersecurity in GCPECs: Vulnerabilities, Countermeasures, and Testbeds In addition, some existing testbeds of GCPECs are intro- duced here for cybersecurity experimental validations. As a ‘‘new-new’’ technology, these testbed examples are ground- breaking efforts and can be used as references by peers to explore novel and suitable hardware testbeds to meet their needs of cybersecurity verification and validation. Further- more, based on the review and analysis of the vulnerabilities, countermeasures, and testbeds throughout this article, four recommendations are raised for future research on GCPECs and their applications in smart grids, which include: 1) fea- sibility assessment of cybersecurity detection and mitigation methods; 2) novel hardware-hardening approaches; 3) coor- dination of cybersecurity standards; and 4) development of new testbeds as the baseline for cybersecurity study. REFERENCES [1] T. S. Ustun and S. M. S. Hussain, ‘‘A review of cybersecurity issues in smartgrid communication networks,’’ in Proc. Int. Conf. Power Electron., Control Autom. (ICPECA), New Delhi, India, Nov. 2019, pp. 1–6. [2] R. M. Lee, M. J. Assante, and T. Conway, ‘‘Analysis of the cyber attack on the ukrainian power grid,’’ E-ISAC, SANS ICS., Tech. Rep., Mar. 2016. [Online]. Available: https://media.kasperskycontenthub.com/wp-content/ uploads/sites/43/2016/05/20081514/E-ISAC_SANS_Ukraine_DUC_5.pdf [3] R. V. Yohanandhan, R. M. Elavarasan, P. Manoharan, and L. Mihet-Popa, ‘‘Cyber-physical power system (CPPS): A review on modeling, simula- tion, and analysis with cyber security applications,’’ IEEE Access, vol. 8, pp. 151019–151064, 2020. [4] J. Lázaro, A. Astarloa, M. Rodríguez, U. Bidarte, and J. Jiménez, ‘‘A survey on vulnerabilities and countermeasures in the communications of the smart grid,’’ Electronics, vol. 10, no. 16, p. 1881, Aug. 2021, doi: 10.3390/elec- tronics10161881. [5] J. Jithish, B. Alangot, N. Mahalingam, and K. S. Yeo, ‘‘Distributed anomaly detection in smart grids: A federated learning-based approach,’’ IEEE Access, vol. 11, pp. 7157–7179, 2023. [6] H. Alan Mantooth, R. Zane, and M. Manjrekar, ‘‘Guest editorial special section on cybersecurity of power electronics through hardware hard- ening,’’ IEEE J. Emerg. Sel. Topics Power Electron., vol. 10, no. 1, pp. 1255–1257, Feb. 2022. [7] Y. Li and J. Yan, ‘‘Cybersecurity of smart inverters in the smart grid: A survey,’’ IEEE Trans. Power Electron., vol. 38, no. 2, pp. 2364–2383, Feb. 2023. [8] F. Zhang and Q. Li, ‘‘Security vulnerability and patch management in electric utilities: A data-driven analysis,’’ in Proc. 1st Workshop Radical Experiential Secur., Incheon, South Korea, May 2018, pp. 65–68. [9] G. Bere, B. Ahn, J. J. Ochoa, T. Kim, A. A. Hadi, and J. Choi, ‘‘Blockchain- based firmware security check and recovery for smart inverters,’’ in Proc. IEEE Appl. Power Electron. Conf. Expo. (APEC), Phoenix, AZ, USA, Jun. 2021, pp. 675–679. [10] J. Qi, A. Hahn, X. Lu, J. Wang, and C. Liu, ‘‘Cybersecurity for distributed energy resources and smart inverters,’’ IET Cyber-Phys. Syst., Theory Appl., vol. 1, no. 1, pp. 28–39, Dec. 2016. [11] T. Kim, J. Ochoa, T. Faika, H. A. Mantooth, J. Di, Q. Li, and Y. Lee, ‘‘An overview of cyber-physical security of battery management systems and adoption of blockchain technology,’’ IEEE J. Emerg. Sel. Topics Power Electron., vol. 10, no. 1, pp. 1270–1281, Feb. 2022. [12] A. Chandwani, S. Dey, and A. Mallik, ‘‘Cybersecurity of onboard charging systems for electric vehicles—Review, challenges and countermeasures,’’ IEEE Access, vol. 8, pp. 226982–226998, 2020. [13] B. Yang, L. Guo, F. Li, J. Ye, and W. Song, ‘‘Impact analysis of data integrity attacks on power electronics and electric drives,’’ in Proc. IEEE Transp. Electrific. Conf. Expo (ITEC), Detroit, MI, USA, Jun. 2019, pp. 1–6. [14] E. Axell, P. Eliardsson, S. Ö. Tengstrand, and K. Wiklundh, ‘‘Power control in interference channels with class a impulse noise,’’ IEEE Wireless Commun. Lett., vol. 6, no. 1, pp. 102–105, Feb. 2017. [15] T. S. Ustun, ‘‘Cybersecurity vulnerabilities of smart inverters and their impacts on power system operation,’’ in Proc. Int. Conf. Power Electron., Control Autom. (ICPECA), New Delhi, India, Nov. 2019, pp. 1–4. [16] Communication Networks and Systems for Power Utility Automation, Part 90-7: Object Models for Power Converters in Distributed Energy Resources (DER) Systems, Standard IEC/TR 61850-90-7, International Electrotechnical Commission (IEC), Feb. 2013. [17] J. Ahn, J. Chung, T. Kim, B. Ahn, and J. Choi, ‘‘An overview of quantum security for distributed energy resources,’’ in Proc. IEEE 12th Int. Symp. Power Electron. Distrib. Gener. Syst. (PEDG), Jun. 2021, pp. 1–7. [18] A. A. Hadi, G. Bere, T. Kim, J. J. Ochoa, J. Zeng, and G.-S. Seo, ‘‘Secure and cost-effective micro phasor measurement unit (PMU)-like metering for Behind-the-Meter (BTM) solar systems using blockchain-assisted smart inverters,’’ in Proc. IEEE Appl. Power Electron. Conf. Expo. (APEC), Mar. 2020, pp. 2369–2375. [19] J. Choi, B. Ahn, G. Bere, S. Ahmad, H. A. Mantooth, and T. Kim, ‘‘Blockchain-based Man-in-the-Middle (MITM) attack detection for pho- tovoltaic systems,’’ in Proc. IEEE Design Methodol. Conf. (DMC), Bath, United Kingdom, Jul. 2021. [20] N. Prusty, Building Blockchain Projects, 1st ed. Birmingham, U.K.: Packt, Apr. 2017. [21] M. A. Khan and K. Salah, ‘‘IoT security: Review, blockchain solutions, and open challenges,’’ Future Gener. Comput. Syst., vol. 82, pp. 395–411, May 2018. [22] A. Dorri, S. S. Kanhere, R. Jurdak, and P. Gauravaram, ‘‘Blockchain for IoT security and private: The study of a smart home,’’ in Proc. IEEE Int. Conf. Pervasive Comput. Commun. Workshops, Kona, HI, USA, Mar. 2017, pp. 618–623. [23] A. Miller, Y. Xia, K. Croman, E. Shi, and D. Song, ‘‘The honey badger of BFT protocols,’’ in Proc. ACM SIGSAC Conf. Comput. Commun. Secur. (CCS), Vienna, Austria, Oct. 2016, pp. 31–42. [24] I. Makhdoom, M. Abolhasan, H. Abbas, and W. Ni, ‘‘Blockchain’s adop- tion in IoT: The challenges, and a way forward,’’ J. Netw. Comput. Appl., vol. 125, pp. 251–279, Jan. 2019. [25] Y. Son, J. Jeong, and Y. Lee, ‘‘Design of the secure compiler for the IoT services,’’ Adv. Sci. Technol. Lett., vol. 110, pp. 67–70, Feb. 2015. [26] T. Ji, Y. Wu, C. Wang, X. Zhang, and Z. Wang, ‘‘The coming era of AlphaHacking?: a survey of automatic software vulnerability detection, exploitation and patching techniques,’’ in Proc. IEEE 3rd Int. Conf. Data Sci. Cyberspace (DSC), Guangzhou, China, Jun. 2018, pp. 53–60. [27] B. Lee and J.-H. Lee, ‘‘Blockchain-based secure firmware update for embedded devices in an Internet of Things environment,’’ J. Supercomput., vol. 73, no. 3, pp. 1152–1167, Mar. 2017. [28] M. Salfer and C. Eckert, ‘‘Attack graph-based assessment of exploitability risks in automotive on-board networks,’’ in Proc. 13th Int. Conf. Availabil- ity, Rel. Secur., Hamburg, Germany, Aug. 2018, pp. 1–10. [29] M. R. Moore, R. A. Bridges, F. L. Combs, M. S. Starr, and S. J. Prowell, ‘‘Modeling inter-signal arrival times for accurate detection of CAN bus signal injection attacks: A data-driven approach to in-vehicle intrusion detection,’’ in Proc. 12th Annu. Conf. Cyber Inf. Secur. Res., Oak Ridge, TN, USA, Apr. 2017, pp. 1–4. [30] T. Le, L. Weaver, J. Di, S. Zhang, and Y. Jin, ‘‘Hardware trojan detection and functionality determination for soft IPs,’’ in Proc. IEEE 3rd Int. Verifi- cation Secur. Workshop (IVSW), Costa Brava, Spain, Jul. 2018, pp. 56–61. [31] M. Haque, M. N. Shaheed, and S. Choi, ‘‘Deep learning based micro-grid fault detection and classification in future smart vehicle,’’ in Proc. IEEE Transp. Electrific. Conf. Expo (ITEC), Long Beach, CA, USA, Jun. 2018, pp. 1082–1087. [32] P. Otte, M. de Vos, and J. Pouwelse, ‘‘TrustChain: A sybil-resistant scal- able blockchain,’’ Future Gener. Comput. Syst., vol. 107, pp. 770–780, Jun. 2020. [33] K. Toyoda, P. T. Mathiopoulos, I. Sasase, and T. Ohtsuki, ‘‘A novel blockchain-based product ownership management system (POMS) for anti-counterfeits in the post supply chain,’’ IEEE Access, vol. 5, pp. 17465–17477, Jun. 2017. [34] I. Cox, M. Miller, J. Bloom, J. Fridrich, and T. Kalker, Digital Watermark- ing and Steganography, 1st ed. Morgan Kaufmann, Nov. 2008. [35] J. Ramos-Ruiz, J. Kim, W.-H. Ko, T. Huang, P. Enjeti, P. R. Kumar, and L. Xie, ‘‘An active detection scheme for cyber attacks on grid-tied PV systems,’’ in Proc. IEEE CyberPELS (CyberPELS), Miami, FL, USA, Oct. 2020, pp. 1–6. [36] J. Kim, W.-H. Ko, and P. R. Kumar, ‘‘Cyber-security with dynamic water- marking for process control systems,’’ in Proc. AIChE Annu. Meeting, 2019. VOLUME 11, 2023 113557
  • 16.
    R. Fu etal.: Review of Cybersecurity in GCPECs: Vulnerabilities, Countermeasures, and Testbeds [37] B. Satchidanandan and P. R. Kumar, ‘‘Dynamic watermarking: Active defense of networked cyber–physical systems,’’ Proc. IEEE, vol. 105, no. 2, pp. 219–240, Feb. 2017. [38] J. Ramos-Ruiz, H. Ibrahim, J. Kim, W. H. Ko, T. Huang, P. Enjeti, P. R. Kumar, and L. Xie, ‘‘Validation of a robust cyber shield for a grid connected PV inverter system via digital watermarking principle,’’ in Proc. IEEE 12th Int. Symp. Power Electron. Distrib. Gener. Syst. (PEDG), Chicago, IL, USA, Jun./Jul. 2021, pp. 1–6. [39] A. Khan, M. Hosseinzadehtaher, M. B. Shadmand, D. Saleem, and H. Abu-Rub, ‘‘Intrusion detection for cybersecurity of power electronics dominated grids: Inverters PQ set-points manipulation,’’ in Proc. IEEE CyberPELS (CyberPELS), Miami, FL, USA, Oct. 2020, pp. 1–8. [40] W. J. Tzeng and F. Y. Wu, ‘‘Theory of impedance networks: The two-point impedance and LC resonances,’’ J. Phys. A, Math. Gen., vol. 39, no. 27, pp. 8579–8591, Jul. 2006. [41] K. Gupta, S. Sahoo, R. Mohanty, B. K. Panigrahi, and F. Blaabjerg, ‘‘Distinguishing between cyber attacks and faults in power electronic systems—A noninvasive approach,’’ IEEE J. Emerg. Sel. Topics Power Electron., vol. 11, no. 2, pp. 1578–1588, Apr. 2023. [42] A. A. Khan, O. A. Beg, M. Alamaniotis, and S. Ahmed, ‘‘Intelligent anomaly identification in cyber-physical inverter-based systems,’’ Electr. Power Syst. Res., vol. 193, Apr. 2021, Art. no. 107024. [43] O. A. Beg, L. V. Nguyen, T. T. Johnson, and A. Davoudi, ‘‘Cyber- physical anomaly detection in microgrids using time-frequency logic formalism,’’ IEEE Access, vol. 9, pp. 20012–20021, 2021, doi: 10.1109/ACCESS.2021.3055229. [44] S. Sahoo, Y. Yang, and F. Blaabjerg, ‘‘Resilient synchronization strategy for AC microgrids under cyber attacks,’’ IEEE Trans. Power Electron., vol. 36, no. 1, pp. 73–77, Jan. 2021, doi: 10.1109/TPEL.2020.3005208. [45] C. Burgos-Mellado, C. Zuñiga-Bauerle, D. Muñoz-Carpintero, Y. Arias-Esquivel, R. Cárdenas-Dobson, T. DragiCevic, F. Donoso, and A. Watson, ‘‘Reinforcement learning-based method to exploit vulnerabilities of false data injection attack detectors in modular multilevel converters,’’ IEEE Trans. Power Electron., vol. 38, no. 7, pp. 8907–8921, Jul. 2023. [46] Y. Chen, W. Qiu, X. Liu, and Y. Kang, ‘‘A parallel control framework of analog proportional integral and digital model predictive controllers for enhancing power converters cybersecurity,’’ IEEE J. Emerg. Sel. Topics Power Electron., vol. 10, no. 1, pp. 1258–1269, Feb. 2022. [47] Texas Instruments. TMS320F28335. [Online]. Available: https://www.ti.com/product/TMS320F28335 [48] C. Farnell, E. Soria, J. Jackson, and H. A. Mantooth, ‘‘Cyber protection of grid-connected devices through embedded online security,’’ in Proc. IEEE Design Methodol. Conf. (DMC), Bath, U.K., Jul. 2021. [49] V. V. Makarov, Y. B. Frolov, I. S. Parshina, and M. V. Ushakova, ‘‘The design concept of digital twin,’’ in Proc. 12th Int. Conf. Manag. Large-Scale Syst. Develop. (MLSD), Moscow, Russia, Oct. 2019, pp. 1–4, doi: 10.1109/MLSD.2019.8911091. [50] Z. Xu, ‘‘Source code and binary level vulnerability detection and hot patching,’’ in Proc. 35th IEEE/ACM Int. Conf. Automated Softw. Eng. (ASE), Melbourne, VIC, Australia, Sep. 2020, pp. 1397–1399. [51] H. Jeong, J. Baik, and K. Kang, ‘‘Functional level hot-patching platform for executable and linkable format binaries,’’ in Proc. IEEE Int. Conf. Syst., Man, Cybern. (SMC), Banff, AB, Canada, Oct. 2017, pp. 489–494, doi: 10.1109/SMC.2017.8122653. [52] F. Pozo, G. Rodriguez-Navas, and H. Hansson, ‘‘Work-in-progress: A hot- patching protocol for repairing time-triggered network schedules,’’ in Proc. IEEE Real-Time Embedded Technol. Appl. Symp. (RTAS), Porto, Portugal, Apr. 2018, pp. 89–92, doi: 10.1109/RTAS.2018.00015. [53] A. Ramaswamy, S. Bratus, S. W. Smith, and M. E. Locasto, ‘‘Katana: A hot patching framework for ELF executables,’’ in Proc. Int. Conf. Availability, Rel. Secur., Krakow, Poland, Feb. 2010, pp. 507–512, doi: 10.1109/ARES.2010.112. [54] S. M. S. Hussain, T. S. Ustun, and A. Kalam, ‘‘A review of IEC 62351 security mechanisms for IEC 61850 message exchanges,’’ IEEE Trans. Ind. Informat., vol. 16, no. 9, pp. 5643–5654, Sep. 2020. [55] W. Stallings, Cryptography and Network Security: Principles and Prac- tice, 7th ed. London, U.K.: Pearson, 2017. [56] J. Hong, C.-C. Liu, and M. Govindarasu, ‘‘Detection of cyber intru- sions using network-based multicast messages for substation automation,’’ in Proc. Innov. Smart Grid Technol. (ISGT), Washington, DC, USA, Feb. 2014, pp. 1–5. [57] N. Kush, E. Ahmed, M. Branagan, and E. Foo, ‘‘Poisoned GOOSE: Exploiting the GOOSE protocol,’’ in Proc. 12th Australas. Inf. Secur. Conf. (AISC), Auckland, New Zealand, Feb. 2014, pp. 17–22. [58] L. E. da Silva and D. V. Coury, ‘‘A new methodology for real-time detection of attacks in IEC 61850-based systems,’’ Electr. Power Syst. Res., vol. 143, pp. 825–833, Feb. 2017. [59] M. C. Magro, P. Pinceti, L. Rocca, and G. Rossi, ‘‘Safety related functions with IEC 61850 GOOSE messaging,’’ Int. J. Electr. Power Energy Syst., vol. 104, pp. 515–523, Jan. 2019. [60] M. El Hariri, E. Harmon, T. Youssef, M. Saleh, H. Habib, and O. Mohammed, ‘‘The IEC 61850 sampled measured values protocol: Anal- ysis, threat identification, and feasibility of using NN forecasters to detect spoofed packets,’’ Energies, vol. 12, no. 19, p. 3731, Sep. 2019. [61] B. Kang, P. Maynard, K. McLaughlin, S. Sezer, F. Andrén, C. Seitl, F. Kupzog, and T. Strasser, ‘‘Investigating cyber-physical attacks against IEC 61850 photovoltaic inverter installations,’’ in Proc. IEEE 20th Conf. Emerg. Technol. Factory Autom. (ETFA), Luxembourg City, Luxembourg, Sep. 2015, pp. 1–8. [62] H. Palahalli, M. Hemmati, and G. Gruosso, ‘‘Analysis and design of a smart controller for managing penetration of renewable energy including cybersecurity issues,’’ Electronics, vol. 11, no. 12, p. 1861, Jun. 2022, doi: 10.3390/electronics11121861. [63] J. Johnson, B. Fox, K. Kaur, and J. Anandan, ‘‘Evaluation of interopera- ble distributed energy resources to IEEE 1547.1 using SunSpec modbus, IEEE 1815, and IEEE 2030.5,’’ IEEE Access, vol. 9, pp. 142129–142146, Oct. 2021. [64] Inverters, Converters, Controllers and Interconnection System Equipment for Use With Distributed Energy Resources, Standard UL 1741, Underwrit- ers Laboratories, 2016. [65] J. Johnson, S. Gonzalez, M. E. Ralph, A. Ellis, and R. Broderick, ‘‘Test pro- tocols for advanced inverter interoperability functions-appendices,’’ San- dia Nat. Laboratories, Albuquerque, NM, USA, Tech. Rep. SAND2013- 9875, 2013. [66] J. Johnson, S. Gonzalez, M. E. Ralph, A. Ellis, and R. Broderick, ‘‘Test pro- tocols for advanced inverter interoperability functions-main document,’’ Sandia Nat. Lab., Albuquerque, NM, USA, Tech. Rep. SAND2013-9880, 2013. [67] J. Johnson, R. Bründlinger, C. Urrego, and R. Alonso, ‘‘Collaborative development of automated advanced interoperability certification test pro- tocols for PV smart grid integration,’’ in Proc. Eur. Photovolt. Sol. Energy Conf. Exhib. (PVSEC), Amsterdam, The Netherlands, Sep. 2014, pp. 1–7. [68] J. B. Ahn, J. J. Lee, J. Johnson, and J. H. Bae, ‘‘Test results for advanced inverter functions based-on IEC 61850-90-7,’’ in Proc. 5th Asia–Pacific Forum Renew. Energy (AFORE), Jeju, South Korea, Nov. 2015, pp. 1–13. [69] M. Verga, R. Lazzari, J. Johnson, D. Rosewater, C. Messner, and J. Hashimoto, ‘‘SIRFN draft test protocols for advanced battery energy storage system interoperability functions,’’ in Proc. IEA-ISGAN Annex, 2016. [70] D. M. Rosewater, J. T. Johnson, M. Verga, R. Lazzari, C. Messner, K. Johannes, J. Hashimoto, and K. Otani, ‘‘International development of energy storage interoperability test protocols for photovoltaic integration,’’ in Proc. EU PVSEC, Hamburg, Germany, Sep. 2015, pp. 1–11. [71] J. Johnson, E. Apablaza-Arancibia, N. Ninad, D. Turcotte, A. Prieur, R. Ablinger, R. Brïndlinger, T. Moore, R. Heidari, J. Hashimoto, C. Cho, R. S. Kumar, J. Kumar, M. Verga, J. L. S. Farias, J. G. M. Tena, F. Baumgartner, I. V. Temez, R. A. Segade, and B. Fox, ‘‘International development of a distributed energy resource test platform for electrical and interoperability certification,’’ in Proc. IEEE 7th World Conf. Pho- tovolt. Energy Convers. (WCPEC), Joint Conf. 45th IEEE PVSC, 28th PVSEC 34th EU PVSEC, Waikoloa, HI, USA, Jun. 2018, pp. 2492–2497. [72] J. Johnson, R. Ablinger, R. Bruendlinger, B. Fox, and J. Flicker, ‘‘Inter- connection standard grid-support function evaluations using an auto- mated Hardware-in-the-Loop testbed,’’ IEEE J. Photovolt., vol. 8, no. 2, pp. 565–571, Mar. 2018. [73] N. Ninad, E. Apablaza-Arancibia, M. Bui, J. Johnson, S. Gonzalez, W. Son, C. Cho, J. Hashimoto, K. Otani, R. Bründlinger, and R. Ablinger, ‘‘Development and evaluation of open-source IEEE 1547.1 test scripts for improved solar integration,’’ in Proc. 36th Eur. Photovolt. Sol. Energy Conf. Exhib. (PVSEC), Marseille, France, Sep. 2019, pp. 952–957. [74] N. Ninad et al., ‘‘PV inverter grid support function assessment using open- source IEEE P1547.1 test package,’’ in Proc. 47th IEEE Photovolt. Spec. Conf. (PVSC), Calgary, AB, Canada, Jun. 2020, pp. 1138–1144. 113558 VOLUME 11, 2023
  • 17.
    R. Fu etal.: Review of Cybersecurity in GCPECs: Vulnerabilities, Countermeasures, and Testbeds [75] R. Darbali-Zamora, J. Johnson, N. S. Gurule, M. J. Reno, N. Ninad, and E. Apablaza-Arancibia, ‘‘Evaluation of photovoltaic inverters under balanced and unbalanced voltage phase angle jump conditions,’’ in Proc. 47th IEEE Photovolt. Spec. Conf. (PVSC), Calgary, AB, Canada, Jun. 2020, pp. 1562–1569. [76] SunSpec DER Information Model, Test Status, SunSpec Alliance, San Jose, CA, USA, 2020. [77] ‘‘DNP3 profile for communications with distributed energy resources (DERs),’’ version 2018-08-22, DNP3.org, DNP Appl. Note AN2018-001, 2018. [78] Common Smart Inverter Profile: IEEE 2030.5 Implementation Guide for Smart Inverters, Version 2.1, San Jose, CA, USA, 2018. [79] SunSpec Alliance Releases SVP Dashboard Test Platform to Enable IEEE 1547 Communication Testing for Distributed Energy Resources, San Jose, CA, USA, Mar. 2021. [Online]. Available: https://sunspec.org/sunspec- alliance-releases-svp-dashboard-test-platform-to-enable-ieee-1547- communication-testing-for-distributed-energy-resources/ [80] S. J. Moquin, S. Kim, N. Blair, C. Farnell, J. Di, and H. A. Mantooth, ‘‘Enhanced uptime and firmware cybersecurity for grid-connected power electronics,’’ in Proc. IEEE CyberPELS (CyberPELS), Knoxville, TN, USA, Apr./May 2019, pp. 1–6. [81] S. Chetan, A. Ranganathan, and R. Campbell, ‘‘Towards fault tolerance pervasive computing,’’ IEEE Technol. Soc. Mag., vol. 24, no. 1, pp. 38–44, Spring 2005. [82] Solar Micro Inverter Development Kit, Texas Instrum. [Online]. Available: http://www.ti.com/tool/TMDSSOLARUINVKIT [83] LattePanda. [Online]. Available: https://www.lattepanda.com/ [84] S. Ghandali, T. Moos, A. Moradi, and C. Paar, ‘‘Side-channel hardware trojan for provably-secure SCA-protected implementations,’’ IEEE Trans. Very Large Scale Integr. (VLSI) Syst., vol. 28, no. 6, pp. 1435–1448, Jun. 2020. [85] R. Fu, Y. Zhang, and S. Bhatta, ‘‘An easily-installed hardware-in-the- loop (HIL) inverter system for power electronics teaching,’’ in Proc. IEEE 12th Int. Conf. Power Electron. Drive Syst. (PEDS), Honolulu, HI, USA, Dec. 2017, pp. 48–52. [86] DS1104 R&D Controller Board, dSPACE. [Online]. Available: https://www.dspace.com/en/inc/home/products/hw/singbord/ds1104.cfm [87] Hardware-in-the-Loop (HIL) Testing for Industrial Systems, National Instruments. [Online]. Available: https://www.ni.com/en- us/solutions/industrial-machinery/hardware-in-the-loop-hil-testing-for- industrial-systems.html [88] Hardware-in-the-Loop, OPAL-RT. [Online]. Available: https://www.opal- rt.com/hardware-in-the-loop/ [89] Typhoon HIL. [Online]. Available: https://www.typhoon-hil.com/ [90] K. Gupta, S. Sahoo, B. K. Panigrahi, F. Blaabjerg, and P. Popovski, ‘‘On the assessment of cyber risks and attack surfaces in a real-time co-simulation cybersecurity testbed for inverter-based microgrids,’’ Energies, vol. 14, no. 16, p. 4941, Aug. 2021. [91] K. Park, B. Ahn, J. Kim, D. Won, Y. Noh, J. Choi, and T. Kim, ‘‘An advanced persistent threat (APT)-style cyberattack testbed for dis- tributed energy resources (DER),’’ in Proc. IEEE Design Methodol. Conf. (DMC), Bath, U.K., Jul. 2021. [92] S. Ahmad, B. Ahn, S. R. B. Alvee, D. Trevino, T. Kim, Y.-W. Youn, and M.-H. Ryu, ‘‘Advanced persistent threat (APT)-style attack modeling and testbed for power transformer diagnosis system in a substation,’’ in Proc. IEEE Power Energy Soc. Innov. Smart Grid Technol. Conf. (ISGT), New Orleans, LA, USA, Apr. 2022. RUIYUN FU (Senior Member, IEEE) received the B.S. and M.S. degrees in electrical engineer- ing from the Huazhong University of Science and Technology, Wuhan, China, in 2004 and 2007, respectively, and the Ph.D. degree in electrical engineering from the University of South Carolina, Columbia, SC, USA, in 2013. She is currently an Associate Professor with the Department of Electrical and Computer Engineer- ing, School of Engineering, Mercer University, Macon, GA, USA. Her research interests include power electronics and power systems, DC/DC converters and DC/AC inverters, renewable energy conversion system design, the modeling and simulation of power semicon- ductor devices for switching converter applications, and the modeling and simulation of wide bandgap semiconductor devices (SiC and GaN). MARY E. LICHTENWALNER was born in Lawrenceville, GA, USA. She received the Bach- elor of Science degree in engineering with a focus on electrical engineering from Mercer University, Macon, GA, in 2022, where she is currently pur- suing the Master of Science degree in engineering with a specialization in electrical engineering. She is also a Staff Electrical Engineer with the Mercer Engineering Research Center, Warner Robins, GA, working on electronic warfare. THOMAS J. JOHNSON received the bachelor’s degree from Mercer University, Macon, GA, USA. He is currently pursuing the Bachelor of Science in Engineering (B.S.E.) degree with a specialization in electrical engineering. VOLUME 11, 2023 113559