Impact Assessment of Cyberattacks in Inverter-Based Microgrids

In recent years, the evolution of modern power grids has been driven by the growing integration of remotely controlled grid assets. Although Distributed Energy Resources (DERs) and Inverter-Based Resources (IBRs) enhance operational efficiency, they also introduce cybersecurity risks. The remote accessibility of such critical grid components creates entry points for attacks that adversaries could exploit, posing threats to the stability of the system. To evaluate the resilience of energy systems under such threats, this study employs real-time simulation and a modified version of the IEEE 39-bus system that incorporates a Microgrid (MG) with solar-based IBR. The study assesses the impact of remote attacks impacting the MG stability under different levels of IBR penetration through hardware-in-the-loop (HIL) simulations. Namely, we analyze voltage, current, and frequency profiles before, during, and after cyberattack-induced disruptions. The results demonstrate that real-time HIL testing is a practical approach to uncover potential risks and develop robust mitigation strategies for resilient MG operations.

💡 Research Summary

The paper investigates the cyber‑physical vulnerability of inverter‑based microgrids (MGs) by integrating a solar photovoltaic (PV) inverter and a synchronous generator into a modified IEEE‑39‑bus transmission system and conducting real‑time hardware‑in‑the‑loop (HIL) simulations. Two generation mixes are examined: a balanced 50 % PV / 50 % synchronous case (System I) and a PV‑dominated 70 % / 30 % case (System II). The point of common coupling (PCC) at bus 24 is equipped with a remotely controllable circuit breaker (CB) that an adversary can manipulate via a compromised Raspberry Pi. The attacker follows a three‑stage process—monitoring, anomaly detection (a single‑phase‑to‑ground fault), and CB actuation—implementing two attack scenarios: (1) a single forced islanding event (CB opened at t = 1 s, re‑closed at t = 1.5 s) and (2) a rapid CB‑switching attack (three open‑close cycles within 0.5 s).

Simulation results show that in the balanced system the frequency dip during islanding stays within IEEE 1547 limits (≈ 0.04 Hz below nominal) and recovers within one second after reconnection; voltage and current amplitudes decrease slightly but remain sinusoidal, indicating stable local power delivery. In the PV‑dominated system, reduced inertia leads to deeper frequency excursions during islanding, though the system still settles near 60 Hz within a comparable time frame. The switching attack compounds disturbances: each CB opening causes a sharp frequency drop, and because the breaker closes before full recovery, the dips accumulate, producing larger swings and transient over‑frequency spikes upon each reconnection. Voltage waveforms reveal phase‑to‑ground fault effects: Phase 1 voltage collapses to zero while Phases 2 and 3 experience increased peak currents, creating asymmetrical loading that could accelerate equipment heating and insulation degradation.

The study highlights that higher IBR penetration amplifies susceptibility to cyber‑induced islanding and switching attacks due to lower system inertia, yet the use of grid‑forming (GFM) inverters mitigates these effects by providing fast voltage and frequency regulation. Moreover, the HIL platform proves effective for exposing hidden vulnerabilities and testing mitigation strategies without endangering real‑world infrastructure. The authors conclude that future MG designs must jointly consider IBR share, inertia‑support mechanisms, and robust cyber‑security controls to ensure resilient operation under both normal and adversarial conditions.