Cybersecurity of distributed energy resource systems in the smart grid: A survey

Distributed energy resources (DERs) are increasingly proliferating worldwide, driven by their benefits in promoting energy sustainability, efficiency, and resiliency. Coordinated approaches are crucial for aggregating diverse DERs across large areas, yet the increasing reliance on information technology exposes power systems to cyber attacks. What are the evolving cyber threats, vulnerabilities, and risks associated with integrating DERs in various applications? Moreover, how can a comprehensive defense-in-depth framework be developed to efficiently coordinate multiple stakeholders, ensuring DERs performance for power system operation against cyber attacks? To address these inquiries, this paper presents a comprehensive review of DER cybersecurity to assess its current status and identify research gaps. The review begins with an overview of DER systems and their cybersecurity risks based on the five-level hierarchical infrastructure established by the Electric Power Research Institute (EPRI). Subsequently, the study delves into current cybersecurity considerations from utilities and industries, examining requirements, guidelines/standards, and reference frameworks. The review further explores efforts in DER cyber risk analysis, mapping prominent vulnerabilities and attack schemes against different applications within the EPRI hierarchical architecture. The defense strategies proposed in the literature are also mapped, highlighting use cases for prevention, detection, and mitigation. Finally, analyzing research gaps and emerging technologies sheds light on critical DER cybersecurity issues and future research directions.