Received 14 September 2023, accepted 7 October 2023, date of publication 12 October 2023, date of current version 18 October 2023.
Digital Object Identifier 10.1109/ACCESS.2023.3324177
A Review of Cybersecurity in Grid-Connected
Power Electronics Converters: Vulnerabilities,
Countermeasures, and Testbeds
RUIYUN FU, (Senior Member, IEEE), MARY E. LICHTENWALNER, AND THOMAS J. JOHNSON
Department of Electrical and Computer Engineering, Mercer University, Macon, GA 31207, USA
Corresponding author: Ruiyun Fu (fu_r@mercer.edu)
This work was supported in part by the Mercer University Seed Grants Program.
ABSTRACT With the increasing installations of solar energy, electric vehicles, and other distributed energy
resources and the deeper developments of digitalization and standardization, cybersecurity became more and
more essential and critical in modern power systems. Unfortunately, most prior research work focuses on the
cybersecurity of power transmission and distribution networks rather than distributed energy devices and their
grid-connected power converters. Focusing on the Grid-Connected Power Electronics Converters (GCPECs),
this article does a comprehensive review of existing outcomes from selected references, in the aspects of
vulnerabilities, countermeasures, and testbeds. By analyzing the GCPEC’s layout and countermeasure
candidates, it is found that the vulnerabilities of GCPECs include both cyber and physical layers that are easily
accessible to malicious hackers. These vulnerabilities in the two layers must be considered simultaneously
and coordinated well with each other. Especially, hardware hardening is an essential approach to enhance
cybersecurity within GCPECs. It is also noticed that the detection and mitigation approaches should consider
the complexity of algorithms to be applied and assess the limits of computing and data processing capabilities
in GCPECs while evaluating the feasibility of countermeasure candidates to cyberattacks in testbeds. In
addition, the countermeasures should meet relevant standards, such as IEEE-1547.1, IEEE-2030.5,
IEC-61850, and IEC-62351, to ensure the interoperability and cybersecurity of GCPEC devices in smart grids.
Finally, based on the review and analysis, four recommendations are raised for future research on GCPEC’s
cybersecurity and their applications in smart grids.
INDEX TERMS Countermeasure, cybersecurity, grid-connected, power converter, power electronics, smart
grid, testbed, vulnerability.
ACRONYMS
AC Alternating Current.
ADC Analog-to-Digital Conversion.
APT Advanced Persistent Threat.
ARP Address Resolution Protocol.
AWS Amazon Web Service.
BAS Blockchain-Assisted Smart.
BMS Battery Management System.
CAN Controller Area Network.
CPLD Complex Programmable Logic Device.
The associate editor coordinating the review of this manuscript and
approving it for publication was Yuh-Shyan Hwang.
CPPS Cyber-physical Power System.
CSIP Common Smart Inverter Profile.
CSPR Cybersecure Power Router.
DAC Digital-to-Analog Conversion.
DC Direct Current.
DER Distributed Energy Resources.
DSP Digital Signal Processor.
E2E End-to-End.
EPS Electric Power System.
ESS Energy Storage System.
FDIA False Data Injection Attack.
FL Federated Learning.
FPGA Field-Programmable Gate Arrays.
FSM Finite State Machine.
VOLUME 11, 2023
2023 The Authors. This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 License.
For more information, see https://creativecommons.org/licenses/by-nc-nd/4.0/
R. Fu et al.: Review of Cybersecurity in GCPECs: Vulnerabilities, Countermeasures, and Testbeds
GCPEC Grid-Connected Power Electronics Converters.
GOOSE Generic Object-oriented Substation Event.
HIL Hardware-in-the-Loop.
HVDC High-voltage Direct Current.
IDS Intrusion Detection System.
IoT Internet-of-Things.
IT Information Technology.
LAN Local Area Network.
M2C Modular Multilevel Converter.
MCU Microcontroller Unit.
MITM Man-in-the-Middle.
ML Machine Learning.
MMS Manufacturing Message Specification.
MPC Model Predictive Controller.
NN Neural Network.
OBC Onboard Charging.
OT Operating Technology.
OTP One-Time Password.
PCC Point of Common Coupling.
PEDG Power Electronics-Dominated Grid.
PQC Quantum Key Distribution.
PIC Proportional Integral Controller.
PQC Post-Quantum Cryptography.
PWM Pulse-Width Modulation.
QKD Quantum Key Distribution.
RL Reinforcement Learning.
ROCOF Rate of Change of Frequency.
RT Real Time.
SVP System Validation Platform.
WBG Wide-Bandgap.
µPMU Micro Phasor Measurement Unit.
I. INTRODUCTION
With the rapid developments of information technology (IT) and smart grids in the past two
decades, more and more distributed energy resources (DERs) and energy storage systems
(ESSs) are integrating into modern electric power systems. The advanced IT and smart grid
techniques bring in many benefits, such as reduced emissions and fuel consumption,
easy integration and management of DERs and ESSs, instant feedback of energy production
and consumption, seamless fault diagnosis, and more efficient energy management
depending on demand. Meanwhile, with the deeper digitalization and standardization in
smart grids, cybersecurity has become a critical concern and an essential issue to be solved
in electric power systems.
A. HISTORY OF CYBERSECURITY IN ELECTRIC POWER SYSTEMS
By investigating the history of electric power systems and the applications of digital
technology and communication networks nowadays, it was pointed out that the cybersecurity
concern was caused by “the concept of security by obscurity is compromised”, due to the
negative impact of replacing old-time SCADA systems with modern digitalized communication
networks as well as standardizing the names and instructions in modern power systems [1].
In traditional power systems, the communication networks were hardwired with copper wires
to coordinate a very limited number of devices for a very specific reason and there was no
requirement for extensive communication/connection to the outside world. Therefore, the
“old-time” SCADA systems are physically secured. The only way to hack the system is by
sneaking into the substation and implementing a physical connection to the hardwired
network to compromise the system. Unfortunately, the application of digital techniques and
the standardization of communication networks create accessible cybersecurity
vulnerabilities and thus open back doors to hackers in smart grids. Indeed, digital
components and devices have replaced analog components and devices significantly in many
applications, to provide better and flexible controllability, easy operation and
maintenance, and easy data collection. But it also compromises the physical security of
the system and enables easy access to communication networks, including by malicious
hackers. Moreover, although the application of the standard IEC-61850 benefits the
interoperability among various smart-grid power devices in a modern power system, it also
removes security by obscurity, because the legitimate models and data objects become easy
for hackers to identify. Therefore, new techniques should be explored to detect and
mitigate the cybersecurity vulnerabilities brought into modern power systems
unintentionally.
It should be clearly stated that a smart grid is a cyber-physical system, and physical
limitations in its hardware constrain which encryption algorithms can be applied for
cybersecurity. Comparatively, for a pure cyber system like the telecommunication system for
banking, the cybersecurity is very mature to make sure messages are sent encrypted without
any malicious modifications to the intended recipients only [1]. In this way, the
cybersecurity study in smart grids should always consider the physical limitations in
hardware to ensure the proposed countermeasures are executable in practice.
As the largest cyber-physical systems in the world, electric power utilities are vulnerable
to cyberattacks. The most recent notable cyberattack was the false data injection
attack on the power distribution system in Kyiv, Ukraine, on December 23rd, 2015. The
control centers of three Ukrainian electricity distribution companies were remotely
accessed. Taking control of the facilities’ SCADA systems, malicious actors opened breakers
at some 30 distribution substations in the capital city Kyiv and the western
Ivano-Frankivsk region, causing more than 200,000 consumers to lose power for a couple of
hours [2]. To mitigate the cyberattack threats, many power companies, national research
institutes and agencies, and academic researchers around the world have spent a lot of
effort in time and investment on the projects/programs/trials to enhance the cybersecurity
of smart grids, with some examples listed in Table 9 of [3]. The vulnerabilities of the
communication in smart grids were introduced by the standard IEC-62351, which collects
security mechanisms and how to apply them to time-sensitive networking [4].
FIGURE 1. Hierarchical cyber-physical structure of smart grids.
B. RISE OF CYBERSECURITY ISSUES IN GRID-CONNECTED POWER ELECTRONICS CONVERTERS
As a hierarchical system, the cyber-physical structure of smart grids is indicated in
Fig. 1. In the system, the power networks interface to their relevant communication
networks via sensors and control signals in the analog-to-digital conversion (ADC) and
digital-to-analog conversion (DAC) approaches. The information on power generation,
delivery, and consumption is exchanged across the communication networks. With the
application of advanced IT and power control techniques, bidirectional power flow can be
implemented in smart grids compared to the unidirectional power flow in traditional
power systems. Typically, the transmission and distribution networks are managed and
maintained by power companies, which are not easily accessible to hackers to launch
physical-oriented cyberattacks. But the distributed energy devices (such as the solar power
systems, ESSs, and EVs shown in Fig. 1) are managed by individual users (residents,
commercial owners, etc.) and located at the user’s facilities, which are relatively easy
to access physically and become an “open door” for hackers to launch malicious
cyberattacks. So, grid-connected power electronics converters (GCPECs) are very vulnerable
to cyberattacks, and the cybersecurity of distributed grid-connected power converters
influences the safety and reliability of smart grids directly.
Unfortunately, most prior research work focuses on the cybersecurity of power transmission
and distribution networks rather than distributed energy devices and their grid-connected
power converters. For example, in 2023 paper [5] introduced a Federated Learning (FL)-based
smart grid anomaly detection scheme where machine-learning (ML) models are trained in a
distributed manner by each smart meter device without requiring it to share its local data
with a central server. This proposed method demonstrated efficient operation in terms of
memory, CPU usage, bandwidth, and power consumption at edge hardware. Targeting the
cybersecurity of power transmission and distribution networks, there were numerous
accomplishments presented at professional power system conferences, such as the IEEE
Innovative Smart Grid Technologies (ISGT) and the IEEE Power and Energy Society General
Meeting (PES-GM) hosted by the IEEE Power and Energy Society (PES), and published in
the journals of IEEE and IET transactions. Comparatively, there has been very limited study
on the cybersecurity of GCPEC, especially on the physical layer of GCPEC, to date. That
is the reason the IEEE Power Electronics Society created a couple of workshops and symposia
in recent years: the CyberPEL in 2019 and 2020, and the Design Methodologies Conference
(DMC) in 2021 and 2022 [6]. Also, paper [7] of 2023 studied the cybersecurity of smart
inverters and inverter-based systems like microgrids.
Therefore, focusing on the cybersecurity characteristics of GCPEC, this article does a
comprehensive review of existing outcomes from selected references and raises some
recommendations for future work on enhancing the cybersecurity of GCPEC. The main
contributions of the work can be summarized as follows:
1) This article provides a detailed overview of GCPEC’s layout, structure, and features.
Based on these, the cybersecurity vulnerabilities of GCPEC and their impacts on smart
grid operations are discussed, which leads to a classification of cybersecurity
vulnerabilities depending on their relationships to the interior structure and
components of GCPEC;
2) This article performs a comprehensive review of cybersecurity countermeasures, focusing
on the ones most relevant to GCPEC and proven effective. Mitigation approaches against
cyberattacks are introduced in different aspects: the cyber layer, the physical layer,
and the coordination to cybersecurity standards;
3) This article also presents several hardware testbeds for the cybersecurity study of
GCPECs. These testbed examples are groundbreaking efforts and can be used by peers as
reference to explore and design suitable hardware testbeds to meet their own
cybersecurity validation needs;
4) This article raises some recommendations as potential directions for future research on
cybersecurity vulnerabilities, countermeasures, and testbeds for GCPECs.
This paper focuses on the GCPEC’s cybersecurity issues and thus no superfluous statement on
the cybersecurity of power transmission and distribution systems is included herein.
This paper presents and analyzes the cybersecurity of GCPEC, in the aspects of
vulnerabilities, countermeasures, and testbeds. The following sections are organized as
follows: Section II introduces the GCPEC and its interactions with distributed energy
devices and smart grids briefly, and then reveals its relevant vulnerabilities in
cybersecurity; Section III explores the countermeasure ideas and approaches to different
cyberattacks and analyzes their performances, as well as their coordination to
cybersecurity standards; Section IV demonstrates some testbed examples to validate
cybersecurity solutions for GCPEC; and finally, Section V discusses some recommendations
for future study, which lead to a conclusion drawn in Section VI.
II. VULNERABILITIES OF CYBERSECURITY
This section introduces the layout of GCPEC and its interactions with distributed energy
devices and smart grids. After that, based on the structure and features of GCPEC, the
vulnerabilities of GCPEC and their impacts on smart grid operations are reviewed and
discussed.
A. LAYOUT OF GCPEC
Fig. 2 shows the general structure and major components of GCPEC. The GCPEC mainly consists
of two sections: one is the “Power Electronics Conversion” to handle the voltage and
frequency conversions of electric power between the direct-current (DC) power of
distributed energy devices and the tie point of three-phase alternating-current (AC) power
of utility grids, i.e., the “Grid Tie” shown in Fig. 2; the other is the “Communication
Module” to collect, exchange, and share power information, data, and commands with the
upstream communication devices in smart grids in real time. One example is the
internet-of-things (IoT) device, which is a collaboration of custom-designed technologies
to interconnect internet-enabled physical devices and enable communication with each other
through a wireless network. As some existing GCPEC devices invert dc power into ac
format in a smart grid and deal with operation monitoring via telecommunications, they are
often called “smart inverters” in some literature.
FIGURE 2. The layout of GCPEC and its interconnections to distributed
energy devices and smart grids.
The dc power components within the distributed energy devices include solar panels and
battery packs in ESSs and EVs. Due to the energy storage feature of batteries,
bidirectional power converters should be adopted to support flexible energy storage and
delivery to smart grids freely. For solar energy harvesting, there is unidirectional power
delivery from solar panels to smart grids through GCPECs. Depending on the voltage level
of dc power, the GCPEC can utilize a single-stage power conversion of “DC-AC” or a
dual-stage power conversion of “DC-DC-AC” with an additional dc booster. Based on Fig. 2,
it is noticed that cyberattacks can be launched against either the power conversion
section physically or the communication module in the cyber domain. Therefore, the
cybersecurity of GCPEC is not a sole cyber issue anymore and its vulnerabilities in
hardware and related hardening approaches should be considered.
B. VULNERABILITIES OF GCPEC
1) PRIOR CASES OF VULNERABILITY STUDY
Previously, the firmware vulnerabilities in power electronics
converters were discussed in [8]. These firmware attacks have
the potential to ‘‘disrupt power, damage inverter systems,
threaten human health and safety, and harm economic loss’’
[9], [10]. There are three major attack points in the firmware
attack surface: 1) vendor access via a regular software update
and maintenance network remotely; 2) user access via user
remote interface; and 3) user physical access via USB flash
drive or local area network (LAN) [9].
Focusing on a battery management system (BMS), paper [11] summarized five common attack
points: 1) network vulnerability, 2) software/firmware vulnerability, 3) data storage
vulnerability, 4) on-board interface vulnerability, and 5) hardware component security
vulnerability. These vulnerabilities include weaknesses in both the physical layer and
cyber layer within the battery management system.
Also, based on an EV charger, various data integrity attacks on power electronics hardware
were analyzed in [12]. According to the comprehensive control scheme for the
onboard-charging (OBC) control, there are four major types of cybersecurity threats
classified for the OBC system: modification, interference, interruption, and interception
[13], [14]. By applying and modeling these cyberattacks in the OBC system, they can be
generally classified into control-based attacks and hardware-based attacks. In
control-based attacks, cyberattacks can be launched toward the controller area network
(CAN) communication bus and the side channels of field-programmable gate arrays (FPGA) in
the OBC system. Hardware-based attacks can occur to disable the hardware circuitry of the
OBC system, such as the sudden loss of load, grid-side short circuit, sudden loss of the
input, etc. These hardware attacks may disable the OBC system permanently and cause
personnel to be hurt or even die in practice. Actually, these classified vulnerabilities
can be broadly expanded to other communication networks, microcontrollers, and hardware
circuitries in power electronics devices [12].
Moreover, as discussed in Section I - “Introduction”, the deeper standardization of the
smart grid introduced cybersecurity vulnerabilities. Paper [15] revealed the possible
cyberattacks on smart inverters (SIs) via changing the critical points in their operation
modes. As IEC/TR 61850-90-7 [16] defines nine standardized interoperability function modes
for distributed energy resources, seven power-related function modes are in charge of SI’s
operation, in the aspects of active/reactive power control and frequency control.
Different from volt-var control in other literature, paper [15] focuses on the volt-watt
management capability in the two standard modes named “VW51” and “VW52”. The standard
“VW51” curve is designed for the generation to avoid SI causing overvoltage in the system,
while the standard “VW52” curve is used for charging against overvoltage in the system.
The two standard curves might be compromised by a hacker and thus their operating points
are badly tampered with. This research in [15] has demonstrated this vulnerability in SI,
which can cause disastrous consequences in power systems.
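A defensive check for the curve tampering described above, as an added example that is not from [15] or from IEC/TR 61850-90-7: before a new volt-watt generation curve is applied, validate its shape and compare it with an approved baseline. The curve points, the tolerance and the acceptance rules (the power limit must not rise with voltage) are constructed assumptions.

```python
from bisect import bisect_right

# Constructed baseline for a generation (VW51-style) curve, not taken from the standard:
# (grid voltage in % of nominal, maximum active power in % of rated output).
APPROVED_CURVE = [(100.0, 100.0), (106.0, 100.0), (110.0, 20.0)]


def watt_limit(curve, voltage_pct):
    """Piecewise-linear active-power limit at a voltage, clamped outside the curve."""
    if voltage_pct <= curve[0][0]:
        return curve[0][1]
    if voltage_pct >= curve[-1][0]:
        return curve[-1][1]
    i = bisect_right([v for v, _ in curve], voltage_pct)
    (v0, p0), (v1, p1) = curve[i - 1], curve[i]
    return p0 + (p1 - p0) * (voltage_pct - v0) / (v1 - v0)


def check_generation_curve(curve, baseline=APPROVED_CURVE, tol_pct=5.0):
    """Return a list of (finding, voltage) tuples; an empty list means 'accept'."""
    if len(curve) < 2:
        return [("too_few_points", None)]
    findings = []
    # Structural checks: limits stay within 0..100 %, voltages strictly increase,
    # and a generation curve never allows more power at a higher voltage.
    for v, p in curve:
        if not 0.0 <= p <= 100.0:
            findings.append(("limit_out_of_range", v))
    for (v0, p0), (v1, p1) in zip(curve, curve[1:]):
        if v1 <= v0:
            findings.append(("voltage_not_increasing", v1))
        elif p1 > p0:
            findings.append(("limit_rises_with_voltage", v1))
    if findings:
        return findings  # malformed curve: interpolating it would be meaningless
    # Deviation check at every breakpoint of either curve.
    grid = sorted({v for v, _ in curve} | {v for v, _ in baseline})
    for v in grid:
        if abs(watt_limit(curve, v) - watt_limit(baseline, v)) > tol_pct:
            findings.append(("deviates_from_baseline", v))
    return findings


if __name__ == "__main__":
    # Constructed candidate settings, as they might arrive in a configuration update.
    candidates = {
        "approved": APPROVED_CURVE,
        "curtailment removed": [(100.0, 100.0), (106.0, 100.0), (110.0, 100.0)],
        "curtailment shifted": [(100.0, 100.0), (112.0, 100.0), (116.0, 20.0)],
        "inverted": [(100.0, 20.0), (106.0, 60.0), (110.0, 100.0)],
    }
    for name, curve in candidates.items():
        print(name, "->", check_generation_curve(curve) or "accept")
```

A curve that passes the structural checks can still be hostile, which is why the comparison against an approved baseline is kept as a separate step.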
In addition, there was research on the cybersecurity related to quantum computing. In 2021,
paper [17] first introduced the vulnerabilities of quantum security for power
infrastructures including distributed energy resources (DERs). As a ground-breaking
technology, quantum computing pushes the boundary of cybersecurity. Due to its superfast
computing (theoretically, trillion-level faster than a conventional classical computer),
quantum computing attacks can break most of the latest cryptography algorithms. As
countermeasures, two promising quantum-safe technologies were evaluated in [17]: quantum
key distribution (QKD) and post-quantum cryptography (PQC). The QKD generates a one-time
password (OTP) through the quantum channel to continuously provide the secret keys for OTP
based on physical laws. The PQC technology requires that the computational capability of
the DER be sufficient to meet the requirements of PQC algorithms. Five types of PQC were
compared, leading to the conclusion that the PQC requires longer latency than the one-PQC
algorithm. Therefore, it is expected that PQC can be applied to the DER network with 5G
data transmission speed. Based on the analysis, it was recommended that: 1) it will be a
practical solution to develop cost-effective quantum devices and a server-based QKD
network, say “apples to apples”; 2) since QKD does not encrypt data itself, it still
requires PQC to achieve quantum-safe security; and 3) when only PQC is adopted for
quantum-safe security, the advanced communication network with high transmission speed is
required or a light-weight PQC should also be developed.
2) DISCUSSION ON GCPEC’S VULNERABILITIES
By reviewing the GCPEC’s vulnerabilities explored in the previous studies, it is noticed
that: no matter whether it is a battery management system, an EV charger, a smart inverter
for solar panel, or any other type of grid-connected power electronics converter, the
interior structures of these GCPEC devices are similar and mainly consist of the main
power circuit and auxiliary circuits, the drive circuit and sensors, and the controller
that communicates with upstream networks. The main power circuit handles the electric
power flow through GCPEC, either unidirectional or bidirectional. The configuration of the
main power circuit is determined by the topology of GCPEC and its power semiconductor
devices. The other main component is the controller, which communicates to the upstream
commander through communication networks, processes the control commands and sensor
feedback, monitors the GCPEC’s status, and generates signals to control the behavior of
power semiconductor devices through the driver circuit. The controller can be carried on
various analog and digital electronics controllers, such as digital signal processors
(DSPs), FPGAs, microcontroller units (MCUs), etc. The drive circuit enlarges the power
level of the control signal to drive the power semiconductor devices in the main power
circuit. Both the sensors and driver circuits serve as the interfaces between the main
power circuit and the controller. In addition, there are auxiliary circuits to protect the
GCPEC devices and personnel of operation and maintenance.
FIGURE 3. Classification of cybersecurity vulnerabilities, and their
relationships to the interior structure and components of GCPEC.
Based on the vulnerability discussion and the analysis of GCPEC’s interior structure,
cyberattacks can be launched through cyber layers, such as communication network access,
the firmware of IoT devices, and data storage ICs, as shown in Fig. 3. Also, the
cyberattacks can be physically implemented via sensors, pulse-width modulation (PWM) and
driver circuits, and system protective circuits, such as overcurrent/overvoltage
protection, thermal protection, etc. Fig. 3 illustrates the classification of these
vulnerabilities and their relationships to the interior structure and components of GCPEC.
These vulnerabilities are classified into: access attacks, firmware attacks, data storage
attacks, PWM signal attacks, and protective circuit attacks. These vulnerabilities can be
maliciously attacked by the means of cyber, physical, or both. These vulnerabilities are
general cyberattack threats to the GCPEC devices and thus should all be considered and
checked during the study of cybersecurity countermeasures. Considering the unique features
of quantum computing, the vulnerabilities of quantum security are excluded from the scope
of this article. Based on the discussion above, the cybersecurity vulnerabilities and their
relevant interior structure and components in the cyber and physical layers within GCPEC
are classified in Table 1.
TABLE 1. List of cybersecurity vulnerabilities in GCPEC devices.
III. COUNTERMEASURES OF CYBERSECURITY
This section introduces the countermeasures of cybersecurity for GCPECs in three aspects:
1) the mitigation approaches to deal with the vulnerabilities at the cyber layer, such as
the data storage attack, firmware attack, and network access attack; 2) the mitigation
approaches to overcome the vulnerabilities at the physical layer, say “hardware hardening”
to GCPEC; and 3) the coordination to the existing and developing standards relevant to the
cybersecurity and GCPECs, such as the standards IEC-61850, IEC-62351, IEEE-1547.1,
IEEE-1815, and IEEE-2030.5. The GCPECs should meet these standards to guarantee their
cybersecurity and interoperability in smart grids.
A. MITIGATION METHODS AGAINST CYBERATTACKS
There are several methods explored to detect and mitigate cyberattacks for GCPECs, which
are based on the techniques of blockchain and watermarking, as well as the PQV-limit
model for intrusion detection. This subsection focuses on the mitigation methods for
GCPEC’s cybersecurity issues and thus does not include any superfluous statement on the
mitigation methods for the cybersecurity of power transmission and distribution systems.
The reviews of these study cases lead to the recommendation of future research in
Section V-A.
1) BLOCKCHAIN TECHNIQUE
Blockchain is a system of recording information in a way that makes it difficult or
impossible to change, hack, or cheat the system. Blockchain is a shared, immutable ledger
that facilitates the process of recording transactions and tracking assets in a network.
In 2020, paper [18] proposed a metering method based on the blockchain network in smart
inverters. This method operates similarly to micro phasor measurement units (µPMUs) and is
implemented by an IoT device as a local security node. The blockchain network was
designed to validate measurement data, generate a metering ledger, manage ID, and store
metering ledgers [18]. The proposed blockchain network focused on the utilization of
blockchain smart contracts, which are self-executing scripts that execute the terms of
contracts triggered by designated events. Experimental tests showed that this method
improves the communication and data security of the IoT-enabled smart inverters. It helps
to enhance visibility and situational awareness for advanced grid services. The
proposed blockchain-assisted smart (BAS) inverters are cost-effective, estimated at only
$20∼$100 versus a typical PMU of $2,000∼$5,000. This is an attractive feature
to realize cost-effective cybersecurity solutions in GCPECs.
Later in 2021, a blockchain-based firmware security check and recovery framework was
proposed to mitigate the threats from firmware security attackers [9]. The blockchain
properties defined in the framework include: 1) permissioned and private network
(membership service); 2) maintaining data integrity: the blockchain normally will not be
altered after being committed into the ledger; 3) smart contracts define a set of rules to
govern transactions within the network; and 4) distributed ledgers to avoid the point of a
single attack.
In 2021, a blockchain-based man-in-the-middle (MITM) attack detection method was proposed
for a PV system [19]. This method utilizes security modules attached to operating
technology (OT) devices in a PV system and a distributed blockchain network with users or
vendors involved to build a cooperative data integrity validation ecosystem. Experimental
tests were performed to validate that this method can detect MITM attacks modifying
in-transit data by continuously tracing the authentication, integrity, and authorization of
data, as well as providing security logs of the critical assets [19].
Furthermore, the blockchain technique was applied to enhance the cyber-physical security of
BMSs in 2022 [11]. It was pointed out that BMS developers may overlook and neglect
potential security-related vulnerabilities for current BMSs and future BMSs in
cyber-physical environments. Therefore, the paper [11] first investigated this urgent
challenge and how to mitigate the cyberattacks on BMSs and introduced the infrastructure
and features of the BMS with blockchain technology. It was highlighted that blockchain is
a distributed data structure consisting of timestamped blocks and links between the blocks
called “chains”, and the blocks are inherently resistant to tampering and revision [20].
A smart contract is an event-driven program that executes the terms of contracts with the
state, which runs on a replicated, shared blockchain ledger [20]. In this way, the BMS
developers can utilize the smart contract to implement an efficient trading workflow
between the blockchain network and the physical world, i.e., the BMS in this application.
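The firmware check described for the framework in [9] and the timestamped, linked blocks described above can be reduced to a hash chain, shown here as an added example that is not code from [9], [11] or any blockchain platform. It is a single-node ledger without consensus, smart contracts or a membership service; the model name `INV-5K`, the firmware byte strings and the timestamps are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64
# Constructed stand-ins for firmware images (a device would hash its flash contents).
FW_V1 = b"constructed inverter firmware image v1.0"
FW_V2 = b"constructed inverter firmware image v2.0"


def block_digest(block):
    """SHA-256 over every field of a block except its own hash."""
    body = {k: v for k, v in block.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class FirmwareLedger:
    """Hash chain of firmware releases; each block commits to its predecessor."""

    def __init__(self):
        self.blocks = []

    def commit(self, model, version, image, timestamp):
        block = {
            "index": len(self.blocks),
            "timestamp": timestamp,
            "model": model,
            "version": version,
            "fw_sha256": hashlib.sha256(image).hexdigest(),
            "prev_hash": self.blocks[-1]["hash"] if self.blocks else GENESIS,
        }
        block["hash"] = block_digest(block)
        self.blocks.append(block)
        return block

    def first_bad_block(self):
        """Index of the first block that breaks the chain, or None if it is intact."""
        prev = GENESIS
        for i, block in enumerate(self.blocks):
            if (block["index"] != i or block["prev_hash"] != prev
                    or block["hash"] != block_digest(block)):
                return i
            prev = block["hash"]
        return None


def check_firmware(ledger, model, installed_image):
    """Decide what a device should do with the image it is currently running."""
    bad = ledger.first_bad_block()
    if bad is not None:
        return ("ledger_tampered", bad)      # do not trust any digest in it
    releases = [b for b in ledger.blocks if b["model"] == model]
    if not releases:
        return ("unknown_model", None)
    latest = releases[-1]
    digest = hashlib.sha256(installed_image).hexdigest()
    if digest == latest["fw_sha256"]:
        return ("ok", latest["version"])
    for block in releases:
        if digest == block["fw_sha256"]:
            return ("outdated", block["version"])
    return ("recover", latest["version"])    # unknown image: restore committed release


def demo_ledger():
    """Two constructed releases for the hypothetical model INV-5K."""
    ledger = FirmwareLedger()
    ledger.commit("INV-5K", "1.0", FW_V1, 1700000000)
    ledger.commit("INV-5K", "2.0", FW_V2, 1700086400)
    return ledger


if __name__ == "__main__":
    ledger = demo_ledger()
    print(check_firmware(ledger, "INV-5K", FW_V2))
    print(check_firmware(ledger, "INV-5K", FW_V2 + b"\x00implant"))
    ledger.blocks[0]["fw_sha256"] = "0" * 64      # rewrite history in place
    print(check_firmware(ledger, "INV-5K", FW_V2))
```

Rewriting an old block and recomputing its hash only moves the break to the next block, which is the tamper resistance the text attributes to the chain; the distributed copies in [9] are what stop an attacker from rewriting every block.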
Focusing on the five common attack points of BMSs studied in [11] and described in
Section II-B: 1) the network vulnerability, 2) the software/firmware vulnerability, 3) the
data storage vulnerability, 4) the on-board interface vulnerability, and 5) the hardware
component security vulnerability, blockchain technique was used to address all these
vulnerabilities, respectively. For each common attack point, the relevant blockchain
strategy was proposed and discussed for securing BMSs, as listed in Table 2.
TABLE 2. Cybersecurity vulnerabilities and their corresponding blockchain strategies
(summarized from [11]).
The paper [11] also compared several blockchain platforms and found the Hyperledger-Fabric
is the most feasible for BMS applications. Besides the excellent features of other
blockchain platforms, the Hyperledger-Fabric is a private and permissioned blockchain
type, which requires less energy and computation. It has significantly less latency
in a blockchain ledger creation without the requirement of transaction fees/coins. It also
has the ability of running smart contracts. The paper [11] can serve as a baseline
reference for the understanding and design of cybersecurity-related issues in BMS.
Obviously, the blockchain technique can be expanded and generally applied against the
cybersecurity vulnerabilities in GCPECs for smart grid operations.
2) WATERMARKING TECHNIQUE
A digital watermark is a kind of marker covertly embedded in a noise-tolerant signal such
as audio, video, or image data. It is typically used to identify ownership of the
copyright of such signal. “Watermarking” is the process of hiding digital information in a
carrier signal; the hidden information should, but does not need to, contain a relation to
the carrier signal [34]. Digital watermarks may be used to verify the authenticity or
integrity of the carrier signal or to show the identity of its owners. It is prominently
used for tracing copyright infringements and for banknote authentication.
In 2020, paper [35] introduced an active detection scheme
based on the dynamic watermarking technique [36], [37] for
cyberattacks in grid-tied PV systems. Further, in 2021 the
dynamic watermarking technique was applied to detect
attacks on sensor measurements, forming what was named a
“robust cyber shield” for grid-connected PV inverter
systems [38]. Tampering with sensor measurements,
a kind of fault data injection, can be detected to avoid
instability in power inverter systems. The dynamic water-
marking test equations are derived from the mathematical
expression of the inverter control system for cyberattack judgment.
The matrices “A” and “B” in these test equations are
calculated from the system identification methodology [38].
The performance of the proposed robust cyber shield was
demonstrated in simulation and experimental tests on a test
system of a 5 kW PV inverter connected to a 240 V grid.
It was noticed that a nonlinear load of 2.4 kW was included
in the test system, to verify the impact of voltage harmonics
introduced by the nonlinear load on the proposed detection
scheme. The test results demonstrated that the proposed digi-
tal watermarking algorithm can almost instantaneously detect
tampering on sensor measurements, even if there is a nonlin-
ear load in the system. These research activities verified the
effectiveness of the watermarking technique in dealing with
the false data injection into sensor measurements, as well as
serving as potential resistance to general cyberattacks.
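The following added example (not code from [35] or [38]) illustrates the general dynamic watermarking idea on a scalar plant: the controller superimposes a secret random signal on its command and checks that the reported measurements still carry its imprint. The plant x[k+1] = a·x[k] + b·(u[k] + e[k]) + w[k], all parameter values, the two test statistics and the thresholds are assumptions chosen for illustration; they are not the inverter model or the test equations of [38].

```python
import random

# Constructed parameters (assumptions, not taken from the reviewed papers).
A, B, GAIN = 0.9, 1.0, 0.5        # identified plant model and feedback gain
SIGMA_W, SIGMA_E = 0.1, 0.1       # process-noise and watermark standard deviations


def simulate(n, sigma_e, attack_start=None, seed=7):
    """Run the closed loop and return (e, u, z): watermark, command, reported sensor value.

    From attack_start onwards the sensor channel is tampered with: the reported
    value follows the nominal model driven by the known control law, so it looks
    statistically normal, but the attacker cannot know the secret watermark e.
    """
    rng = random.Random(seed)
    x = x_fake = 0.0
    e, u, z = [], [], []
    for k in range(n):
        if k == attack_start:
            x_fake = x                      # fake trace starts from the last genuine state
        attacked = attack_start is not None and k >= attack_start
        z_k = x_fake if attacked else x     # what the controller receives
        u_k = -GAIN * z_k                   # feedback command
        e_k = rng.gauss(0.0, sigma_e)       # secret watermark sample
        e.append(e_k)
        u.append(u_k)
        z.append(z_k)
        x = A * x + B * (u_k + e_k) + rng.gauss(0.0, SIGMA_W)      # real plant
        if attacked:
            x_fake = A * x_fake + B * u_k + rng.gauss(0.0, SIGMA_W)  # forged measurement
    return e, u, z


def window_stats(e, u, z, start, width):
    """Return the two watermark statistics over samples start..start+width-1.

    r[k+1] = z[k+1] - a*z[k] - b*(u[k] + e[k]) equals the process noise when the
    measurement is genuine. The statistics are:
      corr  : mean of e[k] * r[k+1]           (expected 0)
      excess: mean of r[k+1]^2 - sigma_w^2    (expected 0)
    """
    corr = power = 0.0
    for k in range(start, start + width):
        r = z[k + 1] - A * z[k] - B * (u[k] + e[k])
        corr += e[k] * r
        power += r * r
    return corr / width, power / width - SIGMA_W ** 2


def first_alarm(e, u, z, width=2000, corr_thr=0.005, excess_thr=0.005):
    """Return the start index of the first window failing either test, else None."""
    for start in range(0, len(z) - width, width):
        corr, excess = window_stats(e, u, z, start, width)
        if abs(corr) > corr_thr or abs(excess) > excess_thr:
            return start
    return None


def run(attack_start, sigma_e, n=8000):
    """Simulate n steps and report where (if anywhere) the detector fires."""
    return first_alarm(*simulate(n, sigma_e, attack_start))


if __name__ == "__main__":
    print("no attack, watermark on :", run(None, SIGMA_E))
    print("attack at 4000, watermark on :", run(4000, SIGMA_E))
    print("attack at 4000, watermark off:", run(4000, 0.0))
```

With the watermark switched off, the forged measurements pass both checks, which is why a passive residual test alone cannot expose this kind of sensor tampering.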
3) INTRUSION DETECTION BASED ON PQV LIMITS
PQV limits can be used to identify three distinct operation
regions of GCPEC: normal, safe, and abnormal. In 2020,
an intrusion detection system (IDS) was proposed based on
the theory of PQV limits in PV inverters [39]. This method
can be used for cybersecurity detection in a distribution net-
work with a high penetration of PV inverters, especially on
false data injections. The IDS is based on the state-space
model of grid-following inverters. Its design relies on the
network topology, network inverters’ ratings, and controller
specifications. The accuracy of this method is influenced by
the impedance (Rgi and Lgi) in the network. Rgi and Lgi are the
resistance and inductance seen by the ith distributed inverter
from its local point of common coupling (PCC) to the main
grid feeder bus terminal [39], respectively. The impedance
can be determined by a graph theoretic approach [40] in
the application. Based on the derived PQV contours, an IDS
block diagram was developed in [39] for proactive intrusion
detection. And its effectiveness was verified in the simulation
tests of a power electronics-dominated grid (PEDG) with four
30 kVA grid-following inverters.
Based on the analysis of the mitigation methods applied
to GCPECs, the blockchain technique is based on a distributed
data structure and has the notable feature of requiring low energy and
computation capability from the controller of GCPEC. Comparatively,
the watermarking technique and the intrusion
detection are all based on the mathematical modeling of
GCPEC systems. The accuracy of the system parameter esti-
mation has a direct effect on the effectiveness of cybersecurity
mitigation. The mathematical models also require additional
data storage space in the controller of GCPEC. This bur-
den may block the application of these techniques on some
GCPEC devices, which have limited computing and data
storage capabilities.
In addition, paper [41] introduced a noninvasive anomaly
diagnosis mechanism to distinguish cyberattacks and faults
in power electronics systems. This mechanism only requires
locally-measured voltage and frequency as inputs and can
distinguish anomalies within 5 ms, which is the fastest
diagnosis time to the authors’ best knowledge in 2023, compared
to other existing anomaly diagnosis mechanisms [42],
[43], [44]. The scheme of this mechanism was validated on
two benchmark distribution systems: CIGRE LV distribution
system and IEEE 37-bus distribution systems, using real-time
(RT) simulations in OPAL-RT environment with HYPERSIM
software and also on a hardware prototype [41].
Recently, some efforts were conducted to exploit vul-
nerabilities of established countermeasures of cybersecurity
for GCPEC. Paper [45] of 2023 proposed a reinforcement
learning (RL)-based method to uncover the deficiencies of
existing false data injection attack (FDIA) detectors used for
modular multilevel converters (M2C) applications, a promi-
nent solution for high-efficient long-distance high-voltage
direct current (HVdc) transmission systems. Depending on
the defined RL scheme, it is necessary to define the following
elements to use the RL technique for obtaining the FDIA
attacker: 1) the inputs of the actor, which is the neural network
(NN) that will define the attack, and the critic, another NN
that evaluates the cost; 2) the output of the actor; 3) the reward
function that drives the training; 4) the experiment design
[45]. The effectiveness of this RL method was verified in HIL
studies, which found that the attack sequences depend on the
characteristics of the FDIA detector studied, i.e., the more
sophisticated the FDIA detectors, the more complex attack
sequences will be generated by the proposed RL-method.
This method can help to improve the detection effectiveness
of the current FDIA detectors available nowadays.
B. HARDWARE HARDENING
Hardware hardening is an essential approach to physically
secure the safety of GCPEC’s operation and interconnected
systems. To the best knowledge of the authors, to date
there have been two hardware-hardening approaches developed
to mitigate cyber threats physically in GCPECs and thus
enhance the security of digital controller and driver circuitry,
respectively. By studying these two cases, more novel meth-
ods and designs of hardware hardening should be developed
to strengthen the physical security of GCPEC further as
discussed in Section V-B.
1) PARALLEL CONTROL FRAMEWORK
In 2022, a parallel control framework was proposed against
the impact of cyberattacks on the operation of power convert-
ers [46]. The control framework consisted of a digital model
predictive controller (MPC) and an analog proportional inte-
gral controller (PIC), which were physically connected in
parallel. When a cyberattack was detected, the digital MPC
was isolated from the control loop and thus the analog PIC
handled the control of the power converter. After the cyberat-
tack disappeared, the MPC could be reconnected immediately
and dominated the control loop again. In paper [46], a pulse
width modulation (PWM) merging unit was designed to con-
trol and select the PWM signals between MPC and PIC under
normal conditions and the compromised conditions caused by
cyberattacks. The mathematical model of the proposed paral-
lel framework and the digital MPC design were introduced in
[46] in detail. Due to the consideration of the PIC in parallel,
the MPC design was more complicated than usual. But the
added hardware for the parallel framework only included the
extra PWM merging unit, a cyberattack detection unit, and
some multiplexers, which made it a cost-effective solution
to enhance the security of power converters via hardware
hardening in practical applications.
The proposed parallel framework was verified on a 1-kW
buck converter prototype. The digital MPC was designed and
coded on TI’s DSP TMS320F28335 [47]. The experimental
tests were conducted to compare the performance of MPC
and PIC, analyze the influence of parameter mismatching,
and verify the effectiveness of the parallel control under
cyberattacks, as well as the restoration of the system after
the cyberattack disappeared or was removed. The experimen-
tal results proved that the proposed parallel controller can
provide good steady-state and dynamic performance in the
cybersecurity of power converters.
2) SECURITY-ENHANCED DRIVER CIRCUIT
In 2020, a new extra digital-logic circuit was proposed in [12]
to enhance the security of the driver circuit in an OBC system.
This simple circuitry was inserted between the controller and
driver ICs to eliminate possible severe dc-link short-circuit
failure and thus enhance the reliability of the OBC system.
Since paper [12] revealed that this logic circuit can operate
properly and safely up to 2 MHz switching in PWM, the
new logic circuit can be generally applied to GCPECs with
various power semiconductor switching devices, e.g., IGBTs
and MOSFETs, including the traditional silicon-based ones
and the emerging wide-bandgap (WBG) based and ultra-
WBG ones.
By studying the two hardware-hardening approaches, it is
noticed that each approach provides one protection towards a
particular hardware component within GCPEC. The parallel-
control framework protects the digital controller and enables
its continuous offline operation under cyberattack. And the
security-enhanced driver circuit protects the switching logic
of the driver circuit in GCPECs. Both hardware-hardening
approaches cost-effectively implement their functions. In
future, more innovative approaches should be invented to
harden the other hardware components as shown in Fig. 3.
In addition, in 2021 paper [48] introduced a method inte-
grating the concepts of firmware hot-patching, digital twins,
and active monitoring to realize an embedded online security
into the cybersecurity protection of grid-connected devices.
This method focuses on the control and hardware layer
and embeds both an online digital twin and hot-patching
methodology into the controls of a grid-connected device.
The concept of a digital twin was described in [49], and the
concept of hot-patching was introduced in [50], [51], [52],
and [53]. This method will allow for firmware to be patched
and validated from the control layer before it is activated to
control the overall system, which adds an additional layer
of protection. Paper [48] validated the effectiveness of the
proposed method on an embedded controller architecture
consisting of an FPGA and two DSP controllers and various
auxiliary components (as shown in the Fig. 2 of [48]).
C. COORDINATION WITH CYBERSECURITY STANDARDS
All GCPECs in smart grids should coordinate with certain
requirements and protocols defined in relevant standards to
ensure their interoperability and highly-secured cybersecurity
in the system. Two sets of standards are discussed here:
1) IEC-61850 and IEC-62351, which regulate the commu-
nication protocols and their cybersecurity countermeasures;
and 2) IEEE-1547.1, IEEE-1815, and IEEE-2030.5, which
regulate the interoperability of distributed energy resources
in smart grids. Below are the descriptions and discussions
on these standards, which can be used as references for the
coordination study of GCPEC’s integration into smart grids
with enhanced cybersecurity.
1) IEC-61850 AND IEC-62351 STANDARDS
Standard IEC-61850 is an international standard defining
communication protocols for intelligent electronic devices at
electrical substations. From substations to grids, IEC-61850
has become the most promising communication standard
for the integration and interoperation of power instruments
and devices from various vendors in smart grids. To over-
come the cybersecurity threats from the IEC-61850 evo-
lution, IEC-62351 was developed to mitigate the threats
by securing different IEC-61850 messages. The IEC-61850
message structures and the performance of security analysis
by using IEC-62351 security mechanisms were conducted in
[54]. Accordingly, IEC-62351 was developed for handling
the security of the TC-57 series of protocols including the
IEC-60870-5 series, IEC-60870-6 series, IEC-61850 series,
IEC-61970 series & IEC-61968 series. It establishes a com-
plete end-to-end (E2E) security model required for power
system communications.
Studying the background and security requirements in
IEC-61850 power utility automation systems, there are four
basic security requirements: confidentiality, integrity, avail-
ability, and nonrepudiation [55]. Due to the two main factors
of IEC-61850’s popularity: a) easy connection via Ethernet;
and b) standardized message structures, it creates undesired
cybersecurity vulnerabilities via the communication network
of power systems. Paper [56] revealed that false data attacks
can be identified by modifying generic object-oriented sub-
station events (GOOSE) messages and trip circuit breakers
in substations. Paper [57] concluded three types of so-called
“GOOSE poisoning”, which include high-status number
attacks, high-rate flooding attacks, and semantic attacks [58],
[59], [60]. And paper [61] demonstrated a Man-In-The-
Middle (MITM) attack on the IEC-61850 manufacturing
message specification (MMS) messages by the address res-
olution protocol (ARP) spoofing. These different types of
security attacks and their relevant requirements in IEC-61850
automation systems were summarized in [54].
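As an added illustration (not code from [57] or [54]), the sketch below shows subscriber-side monitoring that flags two of the GOOSE poisoning patterns named above, abnormal status-number jumps and high-rate flooding, from the stNum/sqNum counters of one GOOSE stream. It assumes the usual counter behaviour (stNum increases by one on a state change, sqNum restarts at 0 on that change and increases by one per retransmission); the function name, thresholds and sample frames are constructed for this example.

```python
from collections import deque


def check_goose_stream(frames, max_rate=20, window_s=1.0):
    """Inspect (time_s, stNum, sqNum) tuples of one GOOSE stream.

    Returns a list of (time_s, reason) alerts. Frames whose stNum jumps or goes
    backwards are reported and NOT adopted as the new reference, so a single
    forged frame cannot make the monitor lose track of the genuine publisher.
    """
    alerts = []
    recent = deque()            # arrival times inside the sliding rate window
    last_st = last_sq = None
    for t, st, sq in frames:
        # Rate check: count frames received during the last window_s seconds.
        recent.append(t)
        while t - recent[0] > window_s:
            recent.popleft()
        if len(recent) > max_rate:
            alerts.append((t, "rate"))

        # Counter consistency check against the last accepted frame.
        if last_st is None:
            last_st, last_sq = st, sq
            continue
        if st == last_st:
            if sq != last_sq + 1:
                alerts.append((t, "sqNum gap"))
        elif st == last_st + 1:
            if sq != 0:
                alerts.append((t, "sqNum not reset"))
        elif st > last_st + 1:
            alerts.append((t, "stNum jump"))
            continue            # do not adopt the suspicious counter
        else:
            alerts.append((t, "stNum regression"))
            continue
        last_st, last_sq = st, sq
    return alerts


def constructed_frames():
    """Constructed sample traffic (time_s, stNum, sqNum), not a real capture."""
    frames = [
        (0.0, 5, 10), (1.0, 5, 11), (2.0, 5, 12),    # steady-state retransmissions
        (2.5, 6, 0), (2.504, 6, 1), (2.512, 6, 2),   # genuine state change
        (3.0, 9000, 0),                              # frame with an inflated stNum
        (3.5, 6, 3),                                 # genuine publisher continues
    ]
    # Burst of 30 frames in 0.3 s with otherwise consistent counters.
    frames += [(10.0 + 0.01 * i, 6, 4 + i) for i in range(30)]
    return frames


if __name__ == "__main__":
    for alert in check_goose_stream(constructed_frames()):
        print(alert)
```

Semantic attacks, the third category listed above, keep the counters consistent and therefore need checks on the payload itself, which this sketch does not attempt.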
To mitigate these false data attacks, IEC-62351 provides
smart grids E2E cybersecurity measures and solutions. Three
security requirements specified by IEC-62351 for different
IEC-61850 messages were analyzed in [54]: a) GOOSE
and SV messages, where “SV” is short for “sampled values”;
b) R-GOOSE and R-SV messages, where “R” represents
“routable”. These messages are essentially the same as the
first category ones but can be routed to different LANs and
WANs, which could extend their operations domain significantly
but also introduce additional cybersecurity vulnerabilities;
and c) MMS messages used for P2P communications.
From the analysis in [54], it was found that the use of the RSA digital
signature defined in the IEC-62351-6 standard for securing
GOOSE and SV does not meet the timing considerations
of IEC-61850. It was also highlighted that “The
IEC-61850-90-5 stipulates that for R-GOOSE and R-SV, the
information authenticity and integrity are mandatory requirements,
while the confidentiality is left as optional.” and “for
the optional confidentiality of R-GOOSE/R-SV messages,
IEC-61850-90-5 recommends the use of encryption algorithms,
such as AES-128 and AES-256 algorithms”. Also, the
packet format and signature algorithms were described for the
secure R-GOOSE and R-SV messages in [54]. In addition,
for MMS client-server messages, the security issues were
analyzed for the transport profile and application profile,
respectively. The recommended cryptographic algorithms for
the E2E security profile were listed in [54], which can be used
as a good reference to understand the cybersecurity vulner-
abilities of IEC-61850 messages. It recommended solutions
in IEC-62351 to explore cybersecurity solutions for the IEC-
61850-based substations and smart grids, in consideration of
timing limitations in practice. Paper [4] introduced vulner-
abilities of the communication in smart grids and revealed
the security mechanisms collected by IEC-62351 and how to
apply them to time-sensitive networking.
Moreover, there are a couple of tables and figures that can
be used as good references to understand the relationships
between IEC-61850 and IEC-62351 standards and different
security threats and measures, as listed in Table 3. Paper
[62] of 2022 demonstrated a design of smart controller for
managing penetration of renewable energy in a smart grid by
integrating the IEC-61850 communication layer and physical
intelligent electronic devices.
2) IEEE-1547.1, IEEE-1815, AND IEEE-2030.5 STANDARDS
Since the introduction of renewable energy resources and
distributed power generations, the standard IEEE-1547-2013
was developed in 2013 to define the technical specifica-
tions and testing of the interconnection and interoperability
between utility electric power systems (EPSs) and dis-
tributed energy resources (DERs). In 2018, the standard
IEEE-1547-2018 was updated to include standardized inter-
operability. Later, in 2020, the standard IEEE-1547.1 doc-
umented the step-by-step test procedure for evaluating the
interoperability requirements of IEEE-1547-2018. Besides
the IEEE-1547 series standards, the Nationally Recognized
Testing Laboratories (NRTLs) certified DER’s compliance
with Underwriters Laboratories (UL) 1741 [63], [64]. The
IEEE-2030.5 is a standard for communications between the
smart grid and consumers, which uses IoT concepts and gives
consumers a variety of means to manage their energy usage
and generation.
TABLE 3. A list of table and figure references selected from [4] and [54].
Generally, there are four compliance protocols focusing
on the DER’s compliance as described in [63] and listed in
Table 4 herein. The UL-1741 supplement A (SA) is a safety
test standard to certify products, which meet the require-
ments of safety and reliability in operation in support of
grid modernization efforts. It validates compliance for grid
support utility interactive inverters, i.e., the “smart inverters”,
functionally.
TABLE 4. A list of four compliance protocols on DER’s compliance
(summarized from [63]).
Paper [63] used four test devices to demonstrate an
open-source framework for the evaluation of DER’s
interoperability: a) a SunSpec DER Simulator with a SunSpec
Modbus interface; b) an EPRI-developed DER simulator with
an IEEE-1815 interface; c) a Kitu Systems DER simulator
with an IEEE-2030.5 interface; and d) an EPRI
IEEE-2030.5-to-Modbus converter. Table 2 and Table 3 of
[63] listed the information of different interoperability tests
required and mandated in IEEE-1547.1 for each protocol,
including the nameplate data tests, configuration information
tests, monitoring information tests, and various management
information tests, respectively. The open-source framework
is openly available to DER vendors, utility operators, cer-
tification laboratories, and research institutions to evaluate
and analyze the target DER’s interoperability performance,
in the aspects of implementation, communication, testing,
interoperation, and cybersecurity.
Three information models for IEEE-1547 functionality
were used to validate the interoperability of multiple DER
simulators: a) 700-series SunSpec Modbus model definitions
[76]; b) DNP3 application note [77]; and c) common smart
inverter profile (CSIP) [78]. Paper [63] represented the first
detailed investigation of these information models using the
DER interoperability certification procedure and was the
first to demonstrate the IEEE-1547 communication proto-
cols [63]. In their experiment work, the system validation
platform (SVP) was connected to four DER end-point sim-
ulators, which each used an IEEE-1547-mandated protocol:
SunSpec DER, IEEE-1815 DER, IEEE-2030.5 DER #1, and
IEEE-2030.5 DER #2. It was highlighted that “the IEEE
1547.1 testing is not a comprehensive interoperability test
sequence. It is designed to verify a basic level of functionality
to demonstrate the DER communication interface is
connected appropriately to the electrical control and measurement
capabilities of the DER” [63]. Therefore, separate
certification programs and activities may need to be con-
ducted to fully validate the communication capabilities of
DER, depending on the requirements of interoperability in
utility grids.
Based on the features of simulators, the authors of [63]
from Sandia National Laboratories, SunSpec Alliance, and
Electric Power Research Institute (EPRI) conducted a series
of tests on the prototype DER devices to assess the IEEE-
1547.1 interoperability. These tests included the nameplate
data tests, the configuration data tests, the monitoring infor-
mation tests, and the management information tests. From
the experiment process, a couple of issues were explored
with the IEEE-1547.1 test procedure, the information mod-
els, pySunSpec2, and the DER simulators running each of
the protocols. This information and results are valuable to
power companies, utility management and operators, and
researchers from academia and institutes to assess the inter-
operability performance of their DER products and pro-
totypes. The SunSpec SVP Dashboard test platform [79]
and relevant tables and figures described in [63] can be
used by DER developers and researchers in the labora-
tory to configure their own testbeds and plan tests as
references.
Based on the state of the art of these standards, the mit-
igation methods of GCPECs should be checked to ensure
their compatibility with IEEE-1547.1, IEEE-1815, and IEEE-
2030.5 standards for system interoperability. At the same
time, the mitigation methods of GCPECs can contribute to
the development of IEC-61850 and IEC-62351 for cyberse-
curity at GCPEC end, as an addition to the cybersecurity of
transmission and distribution networks.
IV. TESTBEDS FOR CYBERSECURITY VALIDATION
In this section, several hardware testbeds are introduced
for the cybersecurity study and experiments of GCPECs
applied to DERs, PVs, and EVs. As a “new-new” technology,
cases of cybersecurity validation in hardware are rare up to
date. Therefore, these hardware testbeds are groundbreaking
efforts and can be used by peers as references to explore
and design suitable hardware testbeds to meet their own
cybersecurity validation needs.
A. TESTBED EXAMPLE #1 – “CSPR PROTOTYPE”
A power cybersecure power router (CSPR) prototype was
introduced in [80], which can route control of the power
electronics converters between a primary controller and a sec-
ondary controller, as well as a set of lockout signals. The pro-
posed cybersecure scheme can avoid unfavorable interrupted
operations in power converters, while the firmware of the
power converters is being updated. The power-electronics-
related cyber threats were summarized in a threat matrix
in terms of assets, threats, and mitigation methods. The
assets and threats were briefly discussed in the classifications
of: 1) network communication, 2) firmware, 3) hardware,
and 4) power processing. Many metrics and security fea-
tures for these assets require little adaptation for the CSPR
prototype [80].
The major components of the CSPR prototype are listed
in Table 5. The interconnections of these major components
were shown in a block diagram (as the Fig. 2 of [80]). The
CSPR prototype was energized by a BK Precision power
supply (model 1672) and delivered electric power to a dc
load bank of 1.2 k. During experimental tests, the input
power of the CSPR prototype varied within [9.0, 25.0] V and
up to 0.5 A. In the cyber layer of the CSPR prototype,
a heartbeat was generated by each controller coded in the two
TI DSPs and then supplied to a hardware-assisted monitor
instantiated within the complex programmable logic device
(CPLD) [80]. The heartbeat was used to evaluate the firmware
integrity at run-time [81]. In addition, some other cyberse-
curity mitigation methods were embedded into the CSPR
prototype, such as AES-128 encryption, a key management
system, and low-level hardware protections. The experiment
results verified the enhancement of firmware security dur-
ing run-time, booting/upgrading, and malfunction conditions.
The CSPR prototype has notable features in control flexibil-
ity and independent configuration for firmware security in
grid-connected power electronics converters.
TABLE 5. A list of major components in CSPR prototype (summarized
from [80]).
B. TESTBED EXAMPLE #2 – “PV-SYSTEM TESTBED”
A PV system testbed with blockchain-assisted enhancement
was introduced in [9] and [18]. The physical power layer
mainly included PV simulators (i.e., dc power supplies),
power inverters, resistive loads, and a blockchain network
programmed in a PC. Each power inverter consisted of a
280-watt Texas Instruments (TI) solar microinverter [82] and
a Lattepanda IoT device [83]. The Lattepanda IoT device
acted as a local secure node to carry blockchain code and
interfaced with a Piccolo TMS320F28035 DSP controller
in the power inverters. In the cyber layer, the proposed
blockchain was embedded into the Lattepanda via software
named “Hyperledger-Composer”. This testbed is suitable
for laboratory experimental tests for cybersecurity method-
ology verifications.
Furthermore, paper [11] introduced a cyber-physical bat-
tery testbed, which mainly consisted of three IoT-enabled
battery modules, a local blockchain network, and an Amazon
Web Services (AWS) cloud. A Lattepanda IoT device was
connected to a TI BMS of model “bq76920EVM”, which
was used to monitor and manage five Li-ion battery cells. For
the cyber layer of the testbed, a local blockchain network was
designed and embedded into a PC, which interacted with the
IoT devices and BMS.
C. TESTBED EXAMPLE #3 – “DC-DC POWER CONVERTERS FOR HARDWARE HARDENING”
A DC-DC buck converter has a simple topology, a pulse width
modulation, a driver circuit for the switching of power semiconductor
devices, and a possible connection to external
IoT devices. It has all the necessary hardware components
and software access points to serve as a good, simple testbed
with various cyberattack targets. So, the dc-dc buck converter
is suitable for cybersecurity study in power electronics,
especially hardware hardening. There are two dc-dc power
converter testbeds introduced in this article for hardware
hardening in section III-B, i.e., the parallel control framework
and the security-enhanced driver circuit.
Based on the dc-dc power converter testbed in [12], Table 6
summarizes some potential methods to detect cyberattacks
early and thus prevent hazardous failures as countermeasures
to these classified vulnerabilities. The countermeasures for
CAN protocol cybersecurity can be the same as the ones
applied to communication networks, such as applying AI
and blockchain techniques, for robust authentication and
encryption algorithms. The potential solutions of FPGA’s
side-channel-based attacks include two categories: a) mak-
ing the victim logic more resilient to side-channel attacks;
and b) making it more difficult for attackers to construct
any power/delay monitoring circuits on an FPGA [12]. The
security-enhanced driver circuit in section III-B implements
hardware hardening to eliminate possible severe dc-link
short-circuit failure and thus enhance the reliability of the
OBC system. In addition, the DSP-based digital filters and
intelligent data processing algorithms are implemented and
validated in the OBC system to detect cyber and physical
attacks successfully. Due to the similarity of cyber and phys-
ical layouts of different power electronics devices shown in
Fig. 2 and Fig. 3, these classified cyberattacks and proposed
countermeasures can be generally applied to EV onboard
chargers and other GCPECs.
TABLE 6. Classification and countermeasures for the cybersecurity of
OBC systems (summarized from [12]).
These testbed examples can be used as references to design
new hardware testbeds for specific purposes of cybersecurity
validation. Table 7 compares the capabilities of the testbed
examples mapping to the key components of GCPECs listed
in Table 1. All these hardware testbeds include the key com-
ponents of power conversion and control. The candidates of
digital controllers include CPLD, DSP, and FPGA, which
all can implement data collection and processing and PWM
generation. Due to the focus on hardware hardening, there is
no communication device in the testbed example #3 but com-
munication modules can be added upon necessity. Testbed
example #1 uses the BeagleBone Black to provide Ethernet
communication in a Linux environment, while testbed example
#2 adopts the Lattepanda IoT device to operate in a
Windows environment. Cybersecurity researchers can choose
the right one for hardware testbeds based on their experience
with the computer operating system.
TABLE 7. Comparison of hardware testbed examples for GCPEC’s
cybersecurity study.
V. RECOMMENDATIONS FOR FUTURE RESEARCH
This section discusses some recommendations
as potential directions for future research on cybersecurity
vulnerabilities, countermeasures, and testbeds for GCPECs
based on the literature and prior work reviewed and discussed
in this article. These recommendations are categorized into
four aspects: 1) feasibility assessment of cybersecurity detec-
tion and mitigation methods; 2) novel hardware-hardening
approaches; 3) coordination of cybersecurity standards and
GCPEC design; and 4) development of new testbeds as the
baseline for cybersecurity study. All these recommendations
focus on GCPECs and their secure applications in smart grids.
A. ASSESS THE FEASIBILITY OF CYBERSECURITY
DETECTION AND MITIGATION METHODS FOR GCPEC
Besides the three cybersecurity detection and mitigation
methods introduced in section III-A, i.e., the blockchain tech-
nique, the watermarking technique, and the PQV-limit detec-
tion method, there are many other cybersecurity detection
methods proposed and studied for modern power systems.
For instance, there are 38 cyberattack detection methods and
23 mitigation methods listed in Table 8 of [3], which covers
most of the proposed methods for power systems up to date.
It should be noticed that these proposed methods may or
may not apply to GCPEC, even though they can be generally
utilized as cybersecurity countermeasures at the transmission
and distribution level. Compared to the computing units in
broad power systems, the controller of GCPEC shown in
Fig. 3 has relatively slower data processing, limited comput-
ing capability, smaller data storage, and other shortages in
function. These shortcomings in GCPEC’s controller result in
limitations to apply certain proposed cybersecurity detection
and mitigation methods. Therefore, the feasibility of poten-
tial cybersecurity methods should be assessed via testing in
GCPECs and their interaction with the cyber-physical layers
upstream.
Table 8 lists five requirements for the safety and security
of communication in smart grid operations, which can be
adopted in the assessment of GCPEC’s cybersecurity. Also,
paper [1] discussed some concepts and implementations
of certificate-based authentication and message integrity in
smart grids. Especially, some tests were performed on an
Intel i5-3210M CPU @ 2.50GHz system to compare the
performance of three digital signature algorithms (RSASSA-
PKCS1-v1_5, RSASSA-PSS, and RSA). It was found that
there are quite significant differences in signing time and
verification time. Therefore, it is proven that it is essential
to investigate different algorithms of cybersecurity solution
and identify the appropriate ones for GCPEC’s operations,
which provides sufficient cybersecurity while meeting the
time-restricted requirements of GCPEC and its intercon-
nected power system operations.
TABLE 8. Requirements and their definitions for safe and secure
communication (summarized in [1]).
B. PROPOSE AND VERIFY NOVEL
HARDWARE-HARDENING APPROACHES FOR GCPEC
Different from power transmission and distribution networks,
GCPECs are much more vulnerable to cyberattacks that are
launched by accessing their physical components locally,
such as all the attacks shown in Fig. 3 except the access
attack through a communication network. Novel
hardware-hardening approaches shall provide at least the
following two functions to enhance cybersecurity:
a) Non-modifiable physical components: the integrity of
physical components in GCPECs shall be improved.
As inevitable commonly-accessible components, the
driver and sensor circuits can be developed in a module
to avoid easy modification by hackers. The commonly-used
I/O pins of the controller shall be packaged and
secured to avoid unauthorized access by hackers;
b) Analog-based circuits as a backup for sustainable operation:
when the communication network and/or local
digital circuits are hacked and disabled, an analog-based
circuit can be activated to keep GCPEC operating
in standalone mode. It meets the need for sustainable
power supply to local loads while avoiding pollution
in distribution networks. Besides the parallel control
framework introduced in section III-B1, novel backup
circuits shall be developed for various components and
topologies in GCPECs.
Also, the coordination of novel hardware-hardening
approaches and other existing approaches/components shall
be investigated. For instance, the novel hardware-hardening
approaches can coordinate with the adopted cybersecurity
detection and mitigation approaches to realize seamless
operation. When a cyberattack is detected and the
hardware-hardening approach is activated, there shall be a
seamless transition from the pre-cyberattack condition to
the hardware-hardening activated condition. Also, the analog
circuit backup shall operate in good coordination with the
existing digital circuit, without any interference or disturbance.
In addition, it should be noted that the novel
hardware-hardening approaches should not replace the
conventional protective scheme, which protects GCPECs from
various faults, such as short circuits and unbalanced loads.
Each proposed hardware-hardening approach should be
verified in experimental testbeds to prove its effectiveness and
study its applicability and constraints.
C. COORDINATE DEVELOPING CYBERSECURITY
STANDARDS FOR GCPEC DESIGN
Since GCPECs combine communication network access and
power circuits through communication components
such as IoT devices, both power-related and communication-related
standards shall be considered in the cybersecurity
of GCPEC design. The standards IEEE-1547.1 and IEEE-2030.5
shall be used as references to study the interoperability
between GCPECs and smart grids. The standard IEC-62351
can be used to explore cybersecurity solutions for the
IEC-61850-based substations and smart grids while considering
the constraints of information processing capability in
GCPECs.
Moreover, the standard UL-1741 can be used to certify
the GCPEC device’s compliance, and the standard IEC-61850
can be used to study new cybersecurity vulnerabilities
in GCPECs and smart grids. Keep in mind that all these
standards are living documents that develop over time. It
is essential to coordinate GCPEC’s design well with the
up-to-date cybersecurity-related standards to ensure the
cybersecurity and interoperability of GCPEC devices in smart grids.
D. DEVELOP BASELINE TESTBED FOR CYBERSECURITY
STUDY OF GCPEC
To generalize the cybersecurity study of GCPEC, baseline
testbeds for GCPEC’s cybersecurity should be developed
by task forces organized and supported by government
research institutes and professional societies. These would be
analogous to the IEEE standard bus systems (e.g., the 9-bus, 14-bus,
30-bus, 39-bus, and 118-bus systems for transmission study,
and the 34-bus system for distribution study) that can be
used by researchers to implement new ideas and concepts
in power systems. The configurations and instructions of
these baseline testbeds can guide cybersecurity researchers
to define their own specifications based on their particular
needs. They can also be used by industrial designers to
test their products against the requirements of cybersecurity
standards and for certification purposes. As shown in Fig. 2,
these baseline testbeds should include ‘‘dc-dc’’ and ‘‘dc-dc-ac’’
topologies to meet the needs of DER, EV, and PV
testing. In the specification, these testbeds should provide
multiple communication approaches and accesses, such as
Internet, Ethernet, and wireless connections. As nonstandard
computing devices that wirelessly connect to a network with
sensors, the IoT devices in the baseline testbeds should meet
the communication protocols defined in the up-to-date
standard IEC-61850. The standard IEC-62351 can be used to
specify the cybersecurity countermeasures in the communication
parts of baseline testbeds. The baseline testbeds should
meet the standards IEEE-1547.1 and IEEE-2030.5 for smart
grid interconnection compatibility.
Besides hardware testbeds, simulation models of the power
system should be used to create a hardware-in-the-loop
(HIL) environment [72], [85] to test the interoperability of
GCPEC baseline testbeds and study their impacts on the
power system’s operations. Paper [3] presented a comprehensive
review of modeling approaches, simulation software, and
analysis methods to investigate the cyber security problems
in cyber-physical power systems (CPPS). Table 9 summarizes
the modeling approaches, depending on the interactions
between the physical layer and cyber layer of CPPS, in the
aspects of time, space, and scales. Tables 2–4 of [3] list the
characteristics of different schemes in attack graph modeling,
the detailed taxonomy of network attack model, and the common
analytical models of power system applications under
cyberattacks, respectively. Also, a list of common simulation
tool candidates is presented in Table 5 of [3]. These tables
and information can be used as good references for power
system modeling for cybersecurity analysis. The hardware of
the GCPEC prototype can be integrated with the software
power system model and interact with it in real time in a HIL
environment. Many commercial HIL components and systems
can be considered for this application, such as the dSPACE-1104
R&D controller board [86], National Instruments (NI)
HIL [87], OPAL-RT HIL [88], and Typhoon HIL [89]. Below
are some examples of HIL testbeds:
1. a real-time simulation in OPAL-RT environment with
HYPERSIM software to emulate CIGRE LV distribution
system and IEEE 37-bus distribution systems [41].
A detailed description of the testbed can be found
in [90];
2. a real-time simulation in Typhoon HIL environment
to emulate a smart electric grid with the extension of
IEC-61850 to electric vehicle aggregators for communication [62];
3. a HIL testbed consisting of two PLECS-RT Box-1 HIL
platforms and a dSPACE MicroLabBox unit, to emulate
a group of modular multilevel converters with
FDIA detectors in HVdc transmission systems [45];
4. a HIL testbed consisting of an OPAL-RT real-time grid
simulator, a cyber system testbed using real network
systems and a server, and penetration testing tools
generating live advanced persistent threat (APT)-style
attacks as real cyber events [91], [92].
These HIL testbeds simulate GCPEC’s behavior in a real-time
software environment and have the potential to be expanded
to integrate actual GCPEC hardware as needed.
TABLE 9. List of power system modeling approaches for cybersecurity
analysis (summarized from [3]).
VI. CONCLUSION
In this article, the cybersecurity issues of grid-connected
power electronics converters are reviewed comprehensively,
in the aspects of vulnerabilities, countermeasures, and
testbeds. The cybersecurity of GCPECs includes vulnerabilities
in both the cyber layer and physical layer, which
must be considered simultaneously and coordinated well with
each other. When evaluating the feasibility of countermeasure
candidates to cyberattacks, the detection and mitigation
approaches should consider the complexity of algorithms
to be applied and assess the limits of computing and data
processing capabilities in GCPECs. At the same time, the
countermeasures should meet their relevant standards (such
as IEEE-1547.1, IEEE-2030.5, IEC-61850, and IEC-62351)
to ensure the interoperability and cybersecurity of GCPEC
devices in smart grids.
In addition, some existing testbeds of GCPECs are introduced
here for cybersecurity experimental validations. As a
‘‘new-new’’ technology, these testbed examples are groundbreaking
efforts and can be used as references by peers to
explore novel and suitable hardware testbeds to meet their
needs for cybersecurity verification and validation. Furthermore,
based on the review and analysis of the vulnerabilities,
countermeasures, and testbeds throughout this article, four
recommendations are raised for future research on GCPECs
and their applications in smart grids, which include: 1) feasibility
assessment of cybersecurity detection and mitigation
methods; 2) novel hardware-hardening approaches; 3) coordination
of cybersecurity standards; and 4) development of
new testbeds as the baseline for cybersecurity study.
REFERENCES
[1] T. S. Ustun and S. M. S. Hussain, ‘‘A review of cybersecurity issues in
smartgrid communication networks,’’ in Proc. Int. Conf. Power Electron.,
Control Autom. (ICPECA), New Delhi, India, Nov. 2019, pp. 1–6.
[2] R. M. Lee, M. J. Assante, and T. Conway, ‘‘Analysis of the cyber attack on
the Ukrainian power grid,’’ E-ISAC, SANS ICS., Tech. Rep., Mar. 2016.
[Online]. Available: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2016/05/20081514/E-ISAC_SANS_Ukraine_DUC_5.pdf
[3] R. V. Yohanandhan, R. M. Elavarasan, P. Manoharan, and L. Mihet-Popa,
‘‘Cyber-physical power system (CPPS): A review on modeling, simulation,
and analysis with cyber security applications,’’ IEEE Access, vol. 8,
pp. 151019–151064, 2020.
[4] J. Lázaro, A. Astarloa, M. Rodríguez, U. Bidarte, and J. Jiménez, ‘‘A survey
on vulnerabilities and countermeasures in the communications of the smart
grid,’’ Electronics, vol. 10, no. 16, p. 1881, Aug. 2021,
doi: 10.3390/electronics10161881.
[5] J. Jithish, B. Alangot, N. Mahalingam, and K. S. Yeo, ‘‘Distributed
anomaly detection in smart grids: A federated learning-based approach,’’
IEEE Access, vol. 11, pp. 7157–7179, 2023.
[6] H. Alan Mantooth, R. Zane, and M. Manjrekar, ‘‘Guest editorial special
section on cybersecurity of power electronics through hardware
hardening,’’ IEEE J. Emerg. Sel. Topics Power Electron., vol. 10, no. 1,
pp. 1255–1257, Feb. 2022.
[7] Y. Li and J. Yan, ‘‘Cybersecurity of smart inverters in the smart grid:
A survey,’’ IEEE Trans. Power Electron., vol. 38, no. 2, pp. 2364–2383,
Feb. 2023.
[8] F. Zhang and Q. Li, ‘‘Security vulnerability and patch management in
electric utilities: A data-driven analysis,’’ in Proc. 1st Workshop Radical
Experiential Secur., Incheon, South Korea, May 2018, pp. 65–68.
[9] G. Bere, B. Ahn, J. J. Ochoa, T. Kim, A. A. Hadi, and J. Choi,
‘‘Blockchain-based firmware security check and recovery for smart inverters,’’ in Proc.
IEEE Appl. Power Electron. Conf. Expo. (APEC), Phoenix, AZ, USA,
Jun. 2021, pp. 675–679.
[10] J. Qi, A. Hahn, X. Lu, J. Wang, and C. Liu, ‘‘Cybersecurity for distributed
energy resources and smart inverters,’’ IET Cyber-Phys. Syst., Theory
Appl., vol. 1, no. 1, pp. 28–39, Dec. 2016.
[11] T. Kim, J. Ochoa, T. Faika, H. A. Mantooth, J. Di, Q. Li, and Y. Lee,
‘‘An overview of cyber-physical security of battery management systems
and adoption of blockchain technology,’’ IEEE J. Emerg. Sel. Topics Power
Electron., vol. 10, no. 1, pp. 1270–1281, Feb. 2022.
[12] A. Chandwani, S. Dey, and A. Mallik, ‘‘Cybersecurity of onboard charging
systems for electric vehicles—Review, challenges and countermeasures,’’
IEEE Access, vol. 8, pp. 226982–226998, 2020.
[13] B. Yang, L. Guo, F. Li, J. Ye, and W. Song, ‘‘Impact analysis of data
integrity attacks on power electronics and electric drives,’’ in Proc. IEEE
Transp. Electrific. Conf. Expo (ITEC), Detroit, MI, USA, Jun. 2019,
pp. 1–6.
[14] E. Axell, P. Eliardsson, S. Ö. Tengstrand, and K. Wiklundh, ‘‘Power
control in interference channels with class a impulse noise,’’ IEEE Wireless
Commun. Lett., vol. 6, no. 1, pp. 102–105, Feb. 2017.
[15] T. S. Ustun, ‘‘Cybersecurity vulnerabilities of smart inverters and their
impacts on power system operation,’’ in Proc. Int. Conf. Power Electron.,
Control Autom. (ICPECA), New Delhi, India, Nov. 2019, pp. 1–4.
[16] Communication Networks and Systems for Power Utility Automation,
Part 90-7: Object Models for Power Converters in Distributed Energy
Resources (DER) Systems, Standard IEC/TR 61850-90-7, International
Electrotechnical Commission (IEC), Feb. 2013.
[17] J. Ahn, J. Chung, T. Kim, B. Ahn, and J. Choi, ‘‘An overview of quantum
security for distributed energy resources,’’ in Proc. IEEE 12th Int. Symp.
Power Electron. Distrib. Gener. Syst. (PEDG), Jun. 2021, pp. 1–7.
[18] A. A. Hadi, G. Bere, T. Kim, J. J. Ochoa, J. Zeng, and G.-S. Seo, ‘‘Secure
and cost-effective micro phasor measurement unit (PMU)-like metering for
Behind-the-Meter (BTM) solar systems using blockchain-assisted smart
inverters,’’ in Proc. IEEE Appl. Power Electron. Conf. Expo. (APEC),
Mar. 2020, pp. 2369–2375.
[19] J. Choi, B. Ahn, G. Bere, S. Ahmad, H. A. Mantooth, and T. Kim,
‘‘Blockchain-based Man-in-the-Middle (MITM) attack detection for
photovoltaic systems,’’ in Proc. IEEE Design Methodol. Conf. (DMC), Bath,
United Kingdom, Jul. 2021.
[20] N. Prusty, Building Blockchain Projects, 1st ed. Birmingham, U.K.: Packt,
Apr. 2017.
[21] M. A. Khan and K. Salah, ‘‘IoT security: Review, blockchain solutions,
and open challenges,’’ Future Gener. Comput. Syst., vol. 82, pp. 395–411,
May 2018.
[22] A. Dorri, S. S. Kanhere, R. Jurdak, and P. Gauravaram, ‘‘Blockchain for
IoT security and private: The study of a smart home,’’ in Proc. IEEE Int.
Conf. Pervasive Comput. Commun. Workshops, Kona, HI, USA, Mar. 2017,
pp. 618–623.
[23] A. Miller, Y. Xia, K. Croman, E. Shi, and D. Song, ‘‘The honey badger of
BFT protocols,’’ in Proc. ACM SIGSAC Conf. Comput. Commun. Secur.
(CCS), Vienna, Austria, Oct. 2016, pp. 31–42.
[24] I. Makhdoom, M. Abolhasan, H. Abbas, and W. Ni, ‘‘Blockchain’s
adoption in IoT: The challenges, and a way forward,’’ J. Netw. Comput. Appl.,
vol. 125, pp. 251–279, Jan. 2019.
[25] Y. Son, J. Jeong, and Y. Lee, ‘‘Design of the secure compiler for the IoT
services,’’ Adv. Sci. Technol. Lett., vol. 110, pp. 67–70, Feb. 2015.
[26] T. Ji, Y. Wu, C. Wang, X. Zhang, and Z. Wang, ‘‘The coming era of
AlphaHacking?: a survey of automatic software vulnerability detection,
exploitation and patching techniques,’’ in Proc. IEEE 3rd Int. Conf. Data
Sci. Cyberspace (DSC), Guangzhou, China, Jun. 2018, pp. 53–60.
[27] B. Lee and J.-H. Lee, ‘‘Blockchain-based secure firmware update for
embedded devices in an Internet of Things environment,’’ J. Supercomput.,
vol. 73, no. 3, pp. 1152–1167, Mar. 2017.
[28] M. Salfer and C. Eckert, ‘‘Attack graph-based assessment of exploitability
risks in automotive on-board networks,’’ in Proc. 13th Int. Conf.
Availability, Rel. Secur., Hamburg, Germany, Aug. 2018, pp. 1–10.
[29] M. R. Moore, R. A. Bridges, F. L. Combs, M. S. Starr, and S. J. Prowell,
‘‘Modeling inter-signal arrival times for accurate detection of CAN bus
signal injection attacks: A data-driven approach to in-vehicle intrusion
detection,’’ in Proc. 12th Annu. Conf. Cyber Inf. Secur. Res., Oak Ridge,
TN, USA, Apr. 2017, pp. 1–4.
[30] T. Le, L. Weaver, J. Di, S. Zhang, and Y. Jin, ‘‘Hardware trojan detection
and functionality determination for soft IPs,’’ in Proc. IEEE 3rd Int.
Verification Secur. Workshop (IVSW), Costa Brava, Spain, Jul. 2018, pp. 56–61.
[31] M. Haque, M. N. Shaheed, and S. Choi, ‘‘Deep learning based micro-grid
fault detection and classification in future smart vehicle,’’ in Proc. IEEE
Transp. Electrific. Conf. Expo (ITEC), Long Beach, CA, USA, Jun. 2018,
pp. 1082–1087.
[32] P. Otte, M. de Vos, and J. Pouwelse, ‘‘TrustChain: A sybil-resistant
scalable blockchain,’’ Future Gener. Comput. Syst., vol. 107, pp. 770–780,
Jun. 2020.
[33] K. Toyoda, P. T. Mathiopoulos, I. Sasase, and T. Ohtsuki, ‘‘A novel
blockchain-based product ownership management system (POMS) for
anti-counterfeits in the post supply chain,’’ IEEE Access, vol. 5,
pp. 17465–17477, Jun. 2017.
[34] I. Cox, M. Miller, J. Bloom, J. Fridrich, and T. Kalker, Digital
Watermarking and Steganography, 1st ed. Morgan Kaufmann, Nov. 2008.
[35] J. Ramos-Ruiz, J. Kim, W.-H. Ko, T. Huang, P. Enjeti, P. R. Kumar, and
L. Xie, ‘‘An active detection scheme for cyber attacks on grid-tied PV
systems,’’ in Proc. IEEE CyberPELS (CyberPELS), Miami, FL, USA,
Oct. 2020, pp. 1–6.
[36] J. Kim, W.-H. Ko, and P. R. Kumar, ‘‘Cyber-security with dynamic
watermarking for process control systems,’’ in Proc. AIChE Annu. Meeting,
2019.
[37] B. Satchidanandan and P. R. Kumar, ‘‘Dynamic watermarking: Active
defense of networked cyber–physical systems,’’ Proc. IEEE, vol. 105,
no. 2, pp. 219–240, Feb. 2017.
[38] J. Ramos-Ruiz, H. Ibrahim, J. Kim, W. H. Ko, T. Huang, P. Enjeti,
P. R. Kumar, and L. Xie, ‘‘Validation of a robust cyber shield for a grid
connected PV inverter system via digital watermarking principle,’’ in
Proc. IEEE 12th Int. Symp. Power Electron. Distrib. Gener. Syst. (PEDG),
Chicago, IL, USA, Jun./Jul. 2021, pp. 1–6.
[39] A. Khan, M. Hosseinzadehtaher, M. B. Shadmand, D. Saleem, and
H. Abu-Rub, ‘‘Intrusion detection for cybersecurity of power electronics
dominated grids: Inverters PQ set-points manipulation,’’ in Proc. IEEE
CyberPELS (CyberPELS), Miami, FL, USA, Oct. 2020, pp. 1–8.
[40] W. J. Tzeng and F. Y. Wu, ‘‘Theory of impedance networks: The two-point
impedance and LC resonances,’’ J. Phys. A, Math. Gen., vol. 39, no. 27,
pp. 8579–8591, Jul. 2006.
[41] K. Gupta, S. Sahoo, R. Mohanty, B. K. Panigrahi, and F. Blaabjerg,
‘‘Distinguishing between cyber attacks and faults in power electronic
systems—A noninvasive approach,’’ IEEE J. Emerg. Sel. Topics Power
Electron., vol. 11, no. 2, pp. 1578–1588, Apr. 2023.
[42] A. A. Khan, O. A. Beg, M. Alamaniotis, and S. Ahmed, ‘‘Intelligent
anomaly identification in cyber-physical inverter-based systems,’’ Electr.
Power Syst. Res., vol. 193, Apr. 2021, Art. no. 107024.
[43] O. A. Beg, L. V. Nguyen, T. T. Johnson, and A. Davoudi,
‘‘Cyber-physical anomaly detection in microgrids using time-frequency
logic formalism,’’ IEEE Access, vol. 9, pp. 20012–20021, 2021, doi:
10.1109/ACCESS.2021.3055229.
[44] S. Sahoo, Y. Yang, and F. Blaabjerg, ‘‘Resilient synchronization strategy
for AC microgrids under cyber attacks,’’ IEEE Trans. Power Electron.,
vol. 36, no. 1, pp. 73–77, Jan. 2021, doi: 10.1109/TPEL.2020.3005208.
[45] C. Burgos-Mellado, C. Zuñiga-Bauerle, D. Muñoz-Carpintero,
Y. Arias-Esquivel, R. Cárdenas-Dobson, T. Dragičević, F. Donoso,
and A. Watson, ‘‘Reinforcement learning-based method to exploit
vulnerabilities of false data injection attack detectors in modular
multilevel converters,’’ IEEE Trans. Power Electron., vol. 38, no. 7,
pp. 8907–8921, Jul. 2023.
[46] Y. Chen, W. Qiu, X. Liu, and Y. Kang, ‘‘A parallel control framework of
analog proportional integral and digital model predictive controllers for
enhancing power converters cybersecurity,’’ IEEE J. Emerg. Sel. Topics
Power Electron., vol. 10, no. 1, pp. 1258–1269, Feb. 2022.
[47] Texas Instruments. TMS320F28335. [Online]. Available:
https://www.ti.com/product/TMS320F28335
[48] C. Farnell, E. Soria, J. Jackson, and H. A. Mantooth, ‘‘Cyber protection of
grid-connected devices through embedded online security,’’ in Proc. IEEE
Design Methodol. Conf. (DMC), Bath, U.K., Jul. 2021.
[49] V. V. Makarov, Y. B. Frolov, I. S. Parshina, and M. V. Ushakova,
‘‘The design concept of digital twin,’’ in Proc. 12th Int. Conf. Manag.
Large-Scale Syst. Develop. (MLSD), Moscow, Russia, Oct. 2019, pp. 1–4,
doi: 10.1109/MLSD.2019.8911091.
[50] Z. Xu, ‘‘Source code and binary level vulnerability detection and hot
patching,’’ in Proc. 35th IEEE/ACM Int. Conf. Automated Softw. Eng.
(ASE), Melbourne, VIC, Australia, Sep. 2020, pp. 1397–1399.
[51] H. Jeong, J. Baik, and K. Kang, ‘‘Functional level hot-patching platform
for executable and linkable format binaries,’’ in Proc. IEEE Int. Conf. Syst.,
Man, Cybern. (SMC), Banff, AB, Canada, Oct. 2017, pp. 489–494, doi:
10.1109/SMC.2017.8122653.
[52] F. Pozo, G. Rodriguez-Navas, and H. Hansson, ‘‘Work-in-progress: A
hot-patching protocol for repairing time-triggered network schedules,’’ in Proc.
IEEE Real-Time Embedded Technol. Appl. Symp. (RTAS), Porto, Portugal,
Apr. 2018, pp. 89–92, doi: 10.1109/RTAS.2018.00015.
[53] A. Ramaswamy, S. Bratus, S. W. Smith, and M. E. Locasto, ‘‘Katana:
A hot patching framework for ELF executables,’’ in Proc. Int. Conf.
Availability, Rel. Secur., Krakow, Poland, Feb. 2010, pp. 507–512, doi:
10.1109/ARES.2010.112.
[54] S. M. S. Hussain, T. S. Ustun, and A. Kalam, ‘‘A review of IEC 62351
security mechanisms for IEC 61850 message exchanges,’’ IEEE Trans. Ind.
Informat., vol. 16, no. 9, pp. 5643–5654, Sep. 2020.
[55] W. Stallings, Cryptography and Network Security: Principles and
Practice, 7th ed. London, U.K.: Pearson, 2017.
[56] J. Hong, C.-C. Liu, and M. Govindarasu, ‘‘Detection of cyber
intrusions using network-based multicast messages for substation automation,’’
in Proc. Innov. Smart Grid Technol. (ISGT), Washington, DC, USA,
Feb. 2014, pp. 1–5.
[57] N. Kush, E. Ahmed, M. Branagan, and E. Foo, ‘‘Poisoned GOOSE:
Exploiting the GOOSE protocol,’’ in Proc. 12th Australas. Inf. Secur. Conf.
(AISC), Auckland, New Zealand, Feb. 2014, pp. 17–22.
[58] L. E. da Silva and D. V. Coury, ‘‘A new methodology for real-time detection
of attacks in IEC 61850-based systems,’’ Electr. Power Syst. Res., vol. 143,
pp. 825–833, Feb. 2017.
[59] M. C. Magro, P. Pinceti, L. Rocca, and G. Rossi, ‘‘Safety related functions
with IEC 61850 GOOSE messaging,’’ Int. J. Electr. Power Energy Syst.,
vol. 104, pp. 515–523, Jan. 2019.
[60] M. El Hariri, E. Harmon, T. Youssef, M. Saleh, H. Habib, and
O. Mohammed, ‘‘The IEC 61850 sampled measured values protocol:
Analysis, threat identification, and feasibility of using NN forecasters to detect
spoofed packets,’’ Energies, vol. 12, no. 19, p. 3731, Sep. 2019.
[61] B. Kang, P. Maynard, K. McLaughlin, S. Sezer, F. Andrén, C. Seitl,
F. Kupzog, and T. Strasser, ‘‘Investigating cyber-physical attacks against
IEC 61850 photovoltaic inverter installations,’’ in Proc. IEEE 20th Conf.
Emerg. Technol. Factory Autom. (ETFA), Luxembourg City, Luxembourg,
Sep. 2015, pp. 1–8.
[62] H. Palahalli, M. Hemmati, and G. Gruosso, ‘‘Analysis and design of a
smart controller for managing penetration of renewable energy including
cybersecurity issues,’’ Electronics, vol. 11, no. 12, p. 1861, Jun. 2022, doi:
10.3390/electronics11121861.
[63] J. Johnson, B. Fox, K. Kaur, and J. Anandan, ‘‘Evaluation of
interoperable distributed energy resources to IEEE 1547.1 using SunSpec modbus,
IEEE 1815, and IEEE 2030.5,’’ IEEE Access, vol. 9, pp. 142129–142146,
Oct. 2021.
[64] Inverters, Converters, Controllers and Interconnection System Equipment
for Use With Distributed Energy Resources, Standard UL 1741,
Underwriters Laboratories, 2016.
[65] J. Johnson, S. Gonzalez, M. E. Ralph, A. Ellis, and R. Broderick, ‘‘Test
protocols for advanced inverter interoperability functions-appendices,’’
Sandia Nat. Laboratories, Albuquerque, NM, USA, Tech. Rep. SAND2013-9875,
2013.
[66] J. Johnson, S. Gonzalez, M. E. Ralph, A. Ellis, and R. Broderick, ‘‘Test
protocols for advanced inverter interoperability functions-main document,’’
Sandia Nat. Lab., Albuquerque, NM, USA, Tech. Rep. SAND2013-9880,
2013.
[67] J. Johnson, R. Bründlinger, C. Urrego, and R. Alonso, ‘‘Collaborative
development of automated advanced interoperability certification test
protocols for PV smart grid integration,’’ in Proc. Eur. Photovolt. Sol. Energy
Conf. Exhib. (PVSEC), Amsterdam, The Netherlands, Sep. 2014, pp. 1–7.
[68] J. B. Ahn, J. J. Lee, J. Johnson, and J. H. Bae, ‘‘Test results for advanced
inverter functions based-on IEC 61850-90-7,’’ in Proc. 5th Asia–Pacific
Forum Renew. Energy (AFORE), Jeju, South Korea, Nov. 2015, pp. 1–13.
[69] M. Verga, R. Lazzari, J. Johnson, D. Rosewater, C. Messner, and
J. Hashimoto, ‘‘SIRFN draft test protocols for advanced battery energy
storage system interoperability functions,’’ in Proc. IEA-ISGAN Annex,
2016.
[70] D. M. Rosewater, J. T. Johnson, M. Verga, R. Lazzari, C. Messner,
K. Johannes, J. Hashimoto, and K. Otani, ‘‘International development of
energy storage interoperability test protocols for photovoltaic integration,’’
in Proc. EU PVSEC, Hamburg, Germany, Sep. 2015, pp. 1–11.
[71] J. Johnson, E. Apablaza-Arancibia, N. Ninad, D. Turcotte, A. Prieur,
R. Ablinger, R. Bründlinger, T. Moore, R. Heidari, J. Hashimoto, C. Cho,
R. S. Kumar, J. Kumar, M. Verga, J. L. S. Farias, J. G. M. Tena,
F. Baumgartner, I. V. Temez, R. A. Segade, and B. Fox, ‘‘International
development of a distributed energy resource test platform for electrical
and interoperability certification,’’ in Proc. IEEE 7th World Conf.
Photovolt. Energy Convers. (WCPEC), Joint Conf. 45th IEEE PVSC, 28th
PVSEC 34th EU PVSEC, Waikoloa, HI, USA, Jun. 2018, pp. 2492–2497.
[72] J. Johnson, R. Ablinger, R. Bruendlinger, B. Fox, and J. Flicker,
‘‘Interconnection standard grid-support function evaluations using an
automated Hardware-in-the-Loop testbed,’’ IEEE J. Photovolt., vol. 8, no. 2,
pp. 565–571, Mar. 2018.
[73] N. Ninad, E. Apablaza-Arancibia, M. Bui, J. Johnson, S. Gonzalez,
W. Son, C. Cho, J. Hashimoto, K. Otani, R. Bründlinger, and R. Ablinger,
‘‘Development and evaluation of open-source IEEE 1547.1 test scripts
for improved solar integration,’’ in Proc. 36th Eur. Photovolt. Sol. Energy
Conf. Exhib. (PVSEC), Marseille, France, Sep. 2019, pp. 952–957.
[74] N. Ninad et al., ‘‘PV inverter grid support function assessment using
open-source IEEE P1547.1 test package,’’ in Proc. 47th IEEE Photovolt. Spec.
Conf. (PVSC), Calgary, AB, Canada, Jun. 2020, pp. 1138–1144.
[75] R. Darbali-Zamora, J. Johnson, N. S. Gurule, M. J. Reno, N. Ninad,
and E. Apablaza-Arancibia, ‘‘Evaluation of photovoltaic inverters under
balanced and unbalanced voltage phase angle jump conditions,’’ in Proc.
47th IEEE Photovolt. Spec. Conf. (PVSC), Calgary, AB, Canada, Jun. 2020,
pp. 1562–1569.
[76] SunSpec DER Information Model, Test Status, SunSpec Alliance, San Jose,
CA, USA, 2020.
[77] ‘‘DNP3 profile for communications with distributed energy resources
(DERs),’’ version 2018-08-22, DNP3.org, DNP Appl. Note AN2018-001,
2018.
[78] Common Smart Inverter Profile: IEEE 2030.5 Implementation Guide for
Smart Inverters, Version 2.1, San Jose, CA, USA, 2018.
[79] SunSpec Alliance Releases SVP Dashboard Test Platform to Enable IEEE
1547 Communication Testing for Distributed Energy Resources, San Jose,
CA, USA, Mar. 2021. [Online]. Available:
https://sunspec.org/sunspec-alliance-releases-svp-dashboard-test-platform-to-enable-ieee-1547-communication-testing-for-distributed-energy-resources/
[80] S. J. Moquin, S. Kim, N. Blair, C. Farnell, J. Di, and H. A. Mantooth,
‘‘Enhanced uptime and firmware cybersecurity for grid-connected power
electronics,’’ in Proc. IEEE CyberPELS (CyberPELS), Knoxville, TN,
USA, Apr./May 2019, pp. 1–6.
[81] S. Chetan, A. Ranganathan, and R. Campbell, ‘‘Towards fault tolerance
pervasive computing,’’ IEEE Technol. Soc. Mag., vol. 24, no. 1, pp. 38–44,
Spring 2005.
[82] Solar Micro Inverter Development Kit, Texas Instrum. [Online]. Available:
http://www.ti.com/tool/TMDSSOLARUINVKIT
[83] LattePanda. [Online]. Available: https://www.lattepanda.com/
[84] S. Ghandali, T. Moos, A. Moradi, and C. Paar, ‘‘Side-channel hardware
trojan for provably-secure SCA-protected implementations,’’ IEEE Trans.
Very Large Scale Integr. (VLSI) Syst., vol. 28, no. 6, pp. 1435–1448,
Jun. 2020.
[85] R. Fu, Y. Zhang, and S. Bhatta, ‘‘An easily-installed
hardware-in-the-loop (HIL) inverter system for power electronics teaching,’’ in Proc. IEEE
12th Int. Conf. Power Electron. Drive Syst. (PEDS), Honolulu, HI, USA,
Dec. 2017, pp. 48–52.
[86] DS1104 R&D Controller Board, dSPACE. [Online]. Available:
https://www.dspace.com/en/inc/home/products/hw/singbord/ds1104.cfm
[87] Hardware-in-the-Loop (HIL) Testing for Industrial Systems,
National Instruments. [Online]. Available:
https://www.ni.com/en-us/solutions/industrial-machinery/hardware-in-the-loop-hil-testing-for-industrial-systems.html
[88] Hardware-in-the-Loop, OPAL-RT. [Online]. Available:
https://www.opal-rt.com/hardware-in-the-loop/
[89] Typhoon HIL. [Online]. Available: https://www.typhoon-hil.com/
[90] K. Gupta, S. Sahoo, B. K. Panigrahi, F. Blaabjerg, and P. Popovski, ‘‘On the
assessment of cyber risks and attack surfaces in a real-time co-simulation
cybersecurity testbed for inverter-based microgrids,’’ Energies, vol. 14,
no. 16, p. 4941, Aug. 2021.
[91] K. Park, B. Ahn, J. Kim, D. Won, Y. Noh, J. Choi, and T. Kim,
‘‘An advanced persistent threat (APT)-style cyberattack testbed for
distributed energy resources (DER),’’ in Proc. IEEE Design Methodol. Conf.
(DMC), Bath, U.K., Jul. 2021.
[92] S. Ahmad, B. Ahn, S. R. B. Alvee, D. Trevino, T. Kim, Y.-W. Youn,
and M.-H. Ryu, ‘‘Advanced persistent threat (APT)-style attack modeling
and testbed for power transformer diagnosis system in a substation,’’ in
Proc. IEEE Power Energy Soc. Innov. Smart Grid Technol. Conf. (ISGT),
New Orleans, LA, USA, Apr. 2022.
RUIYUN FU (Senior Member, IEEE) received
the B.S. and M.S. degrees in electrical engineering
from the Huazhong University of Science and
Technology, Wuhan, China, in 2004 and 2007,
respectively, and the Ph.D. degree in electrical
engineering from the University of South Carolina,
Columbia, SC, USA, in 2013.
She is currently an Associate Professor with the
Department of Electrical and Computer Engineering,
School of Engineering, Mercer University,
Macon, GA, USA. Her research interests include power electronics and
power systems, DC/DC converters and DC/AC inverters, renewable energy
conversion system design, the modeling and simulation of power semiconductor
devices for switching converter applications, and the modeling and
simulation of wide bandgap semiconductor devices (SiC and GaN).
MARY E. LICHTENWALNER was born in
Lawrenceville, GA, USA. She received the Bachelor
of Science degree in engineering with a focus
on electrical engineering from Mercer University,
Macon, GA, in 2022, where she is currently pursuing
the Master of Science degree in engineering
with a specialization in electrical engineering. She
is also a Staff Electrical Engineer with the Mercer
Engineering Research Center, Warner Robins, GA,
working on electronic warfare.
THOMAS J. JOHNSON received the bachelor’s
degree from Mercer University, Macon, GA, USA.
He is currently pursuing the Bachelor of Science in
Engineering (B.S.E.) degree with a specialization
in electrical engineering.