Fortified Cyber Defense in DER Management Systems (CyDERFORT)

There is increasing interest of cybercriminals to learn how energy facilities operate, gain unauthorized access to especially grid operation or electricity generation systems control and communication infrastructures, and improve their abilities for direct (by themselves) or indirect (causing misinformed operator decisions and actions) sabotage of critical energy infrastructure. In the area of DER management, there are a wide range of solution providers that mainly prioritize provision of cost-effectiveness, user-friendly interfaces, and provision of novel features, mainly relying on authentication protocols and encrypted communication against cybersecurity threats and vulnerabilities. Aggregated DER management solutions in the field have reached massive scales, allowing coordination of over a thousand EV chargers on-premise, having remote control over several GW-scale portfolio and providing hundreds of MW-scale flexibilities from hundreds to thousands of grid-edge assets. Such high amounts of control and coordination availabilities are likely to become the target of sophisticated cyberattacks in the near future, having the risk of affecting grid operation from local to even utility-scale, leading to significant technical, financial and social consequences. Therefore, sophisticated attack detection, emergency response and post-incident 
fast restoration approaches are needed to be developed. 

CyDERFORT project focuses on developing countermeasures against sophisticated cyberattacks that can target Distributed Energy Resource Management Systems (DERMS). The project has three objectives; namely, to characterize and quantify the impacts of emerging hard to detect attacking strategies on DER management systems in distribution networks, to develop and validate attack detection methodologies, to develop and validate attack emergency response methodologies through studies combining the availabilities of the research infrastructure and extensive simulations. Beyond its primary objectives, the project contributes to determination of use cases 
and test cases that can easily be adopted and used in similar research activities in the area of cybersecurity of DERMS and power systems. 

In the first stage of the project, emulated travelling False Data Injection (FDI), epidemic FDI, Denial of Service (DoS) and replay cyberattacks’ are performed on the testing infrastructure. In the second stage of the research activities, cyberattack detection methodologies are validated using the attack data collected from the field tests. In the final stage of the project, critical operation sustainability methods are validated in simulation scenarios that utilize realistic testing data. The study is concluded by discussing open issues and providing recommendations for future research.