The power control system plays a vital role in maintaining power supply in response to customer demand. An imbalance between supply and demand can cause system frequency instability, threatening the operational security of the power system. A central control scheme is commonly employed in traditional power systems, and the scheme features a single control center which collects information from and sends control commands to all agents. However, such a central control architecture no longer meets the need of current power systems. For example, geographically dispersed distributed generators are increasingly integrated into the power grid. These are not suitable for coordination by central control because of the requirement of plug and plug operation [29, 30]. Central control is also not applicable to microgrid operation, where distributed generators are required to supply power in island mode [31]. Because of its reliability, scalability, and flexibility, distributed control is preferred over central control [32,33,34]. However, in distributed control, local controllers have access to local information and neighbor information, and hence are vulnerable to cyber-attack. A malicious entity can disrupt data exchange among neighboring local controllers by launching FDI attacks [16,17,18,19,20].

### 4.1 FDI attack on distributed generator

Considering a converter-based distributed generator *i*, *P*_{i} and *P*_{i,max} are the active power output and the maximal power, respectively. Using the *d*-*q* transformation, the *d*- and *q*- axis voltages can be computed by *U*_{di} = *U*_{i} and *U*_{qi} = 0. Assuming the *d*- and *q*- axis currents are *I*_{di} and *I*_{qi}, respectively, the active power output can be obtained by:

$$ {P}_i={U}_{di}{I}_{di}+{U}_{qi}{I}_{qi}={U}_i{I}_{di} $$

(40)

If the power converter is controlled by a grid-feeding scheme [31], *I*_{di} should converge to its reference value *I*_{di_ref} in a sampling period of *T*. In the *k*^{th} iteration, *I*_{di_ref} can be determined by

$$ {I}_{di\_ ref}(k)={P}_{i,\max }{\alpha}_i(k)/{U}_i(k) $$

(41)

where the design parameter *α*_{i} denotes the utilization ratio defined by *P*_{i} / *P*_{i,max}. When *I*_{di} converges to *I*_{di_ref} in the *k*^{th} iteration, *P*_{i}(*k*) = *P*_{i, max} *α*_{i}(*k*).

According to (41), the active power output of distributed generator *i* can be regulated by altering the utilization ratio *α*_{i}. Since the rated power of converter-based distributed generators is relatively small, multiple distributed generators are used in a distribution network for increased capacity. Such a system can be considered as a virtual power plant (VPP), as shown in Fig. 7, where *P*_{tran} accounts for the total active power transmitted to the transmission network.

To track the dispatch command *P*_{ref}, the group of distributed generators in a VPP are coordinated using a leader-follower consensus algorithm [16]:

$$ \alpha \left(k+1\right)= A\alpha (k)+ BK\alpha (k)+ KC $$

(42)

where *α*(*k*) = [*α*_{0}(*k*), …, *α*_{n-1}(*k*)]^{T}. *B* = [\( -{\hat{P}}_{\mathrm{max}} \)*O*_{n × (n-1)}]^{T} with \( {\hat{P}}_{\mathrm{max}} \) =[*P*_{0,max, …,} *P*_{n-1,max}]^{T} and *C* = [*P*_{ref} + *P*_{loss} + *P*_{load} *O*_{1 × (n-1)}]^{T}. *A* = [*a*_{ij}] is a weighted matrix with *a*_{ij} > 0 and \( {a}_{ii}=1-\sum \limits_{j=0,j\ne i}^{n-1}{a}_{ij} \). *K* is the controller gain and *O* is the zero matrix. *P*_{load} and *P*_{loss} represent the aggregated load power consumption and power loss in the VPP, respectively. By selecting proper *A* and *K*, the convergence of (4) can be proved [16]. When convergence is achieved, utilization ratios of all distributed generators reach an agreement and *P*_{tran} is steered to its preference value *P*_{ref}.

Equation (42) shows that the communication network among distributed generators plays a key role in the regulation of the active power output of the VPP. If the local controller of a certain distributed generator is attacked by FDI attacks, its utilization ratio will be prevented from converging to the consensus value, resulting in failed tracking of *P*_{tran} to *P*_{ref} [35, 36].

Attackers can attack the controller of a distributed generator by injecting false data into the actuator and making it send the same control command to its geographical neighbors. Assuming that *r* distributed generators are subjected to FDI attacks and considering *α*_{M}(*k*) ≡ *α*_{M} = [*αM*,. .., *αM*]^{T} and *α*_{W}(*k*) = [*α*_{r + 1}(*k*),. .., *α*_{r + n}(*k*)]^{T} are the utilization ratio vectors of misbehaving and well-behaving distributed generators, respectively, the algorithm (42) can be rewritten as:

$$ {\displaystyle \begin{array}{l}\left[\begin{array}{c}{\alpha}_0\left(k+1\right)\\ {}{\alpha}_M\left(k+1\right)\\ {}{\alpha}_W\left(k+1\right)\end{array}\right]=\left[\begin{array}{ccc}1-{KP}_{0,\max }& -{KP}_{M,\max }& -{KP}_{W,\max}\\ {}{0}_{r\times 1}& {I}_{r\times r}& {0}_{r\times \left(n-r\right)}\\ {}{A}_0& {A}_M& {A}_W\end{array}\right]\\ {}\kern6.1em \times \left[\begin{array}{c}{\alpha}_0(k)\\ {}{\alpha}_M(k)\\ {}{\alpha}_W(k)\end{array}\right]+\left[\begin{array}{c}K\left({P}_{ref}+{P}_{load}+{P}_{loss}\right)\\ {}{0}_{r\times 1}\\ {}{0}_{\left(n-r\right)\times 1}\end{array}\right]\end{array}} $$

(43)

where *I*_{r × r} is the identity matrix. [*A*_{0} *A*_{M} *A*_{W}] is equal to the *n*-*r* rows of *A + BK*. *P*_{M,max} = [*P*_{1,max},. .., *P*_{r,max}]^{T}, and *P*_{W,max} = [*P*_{(r + 1),max},. .., *P*_{n,max}]^{T}.

Note that the first term on the right-hand side of (43) can be represented by the sum of the matrix \( \tilde{A}=\left[\begin{array}{ccc}1& {0}_{1\times r}& {0}_{1\times \left(n-r\right)}\\ {}{0}_{r\times 1}& {I}_{r\times r}& {0}_{r\times \left(n-r\right)}\\ {}{A}_0& {A}_M& {A}_W\end{array}\right] \) and its perturbation matrix \( \Delta =-\left[\begin{array}{ccc}{P}_{0,\max }& {P}_{M,\max }& {P}_{W,\max}\\ {}{0}_{n\times 1}& {0}_{n\times r}& {0}_{n\times \left(n-r\right)}\end{array}\right] \). Hence perturbation theory can be employed to analyze system stability [37].

It is observed that \( \tilde{A} \) is a lower block-triangular matrix with the eigenvalues *λ*_{i} = 1 for *i* = 1,. .., *r* + 1, and the eigenvalues *λ*_{j} for *j* = *r* + 2,. .., *n*-*r*. Since the blocks *A*_{0}, *A*_{M}, and *A*_{W} are the same as the original system in (42), *λ*_{j} locates in the open unit disk. Assuming *v*_{r} and *u*_{r} are the respective left and right eigenvectors of \( \tilde{A} \) with *v*_{r}*u*_{r} = 1, when *K* is sufficiently small, the perturbation on *λ*_{i} = 1 can be characterized by [16]:

$$ {\displaystyle \begin{array}{l}{V}^T\Delta U=\left[\begin{array}{c}-{P}_{\mathrm{max}}\\ {}{0}_{r\times \left(n+1\right)}\end{array}\right]\left[{u}_1,\dots, {u}_{r+1}\right]\\ {}\kern2.85em =\left[\begin{array}{ccc}-{P}_{\mathrm{max}}{u}_1& \dots & -{P}_{\mathrm{max}}{u}_{r+1}\\ {}{0}_{r\times 1}& \dots & {0}_{r\times 1}\end{array}\right]\end{array}} $$

(44)

where *V* = [\( {v}_1^T \),. .., \( {v}_{r+1}^T \)], *U* = [\( {u}_{r+2}^T \),. .., \( {v}_{n-r}^T \)], and *P*_{max} = [*P*_{0,max},. .., *P*_{n,max}]^{T}.

*V*^{T}Δ*U* has a negative eigenvalue and an eigenvalue 0 with algebraic multiplicity *r*. Accordingly, \( \tilde{A} \) +Δ has an eigenvalue 1 with algebraic multiplicity *r* if *K* is sufficiently small. The rest of the eigenvalues lie in the open unit disk. This indicates that \( \tilde{A} \) +Δ is stable. It is straightforward to verify that the system is stable at the steady state \( {\left\{{\alpha}_0^{\ast },{\alpha_M^{\ast}}^T,{\alpha_W^{\ast}}^T\right\}}^T \) with:

\( {\alpha}_0^{\ast }=\min \left\{\max \left\{{\tilde{\alpha}}_0,0\right\},1\right\} \), \( {\alpha}_M^{\ast }={\alpha}_M \) (44)

$$ {\alpha}_W^{\ast }={\left({I}_{n-r}-{A}_W\right)}^{-1}\left[{A}_0\ {A}_M\right]\left[\begin{array}{c}{\alpha}_0^{\ast}\\ {}{\alpha}_M\end{array}\right] $$

(45)

where \( {\tilde{\alpha}}_0=\left({P}_{ref}+{P}_{load}+{P}_{loss}-{P}_{M,\max }{\alpha}_M-{P}_{W,\max }{\alpha}_W^{\ast}\right)/{P}_{0,\max } \).

The analytical results show that the well-behaving distributed generators converge to the space spanned by \( {\alpha}_0^{\ast } \) and *α*_{M}. Thus, when the false data is injected by attackers, utilization ratios of distributed generators fail to agree, preventing the active power output of a VPP from tracking the dispatch command. In addition, according to [16], the adjustable range of *P*_{tran} can be narrowed by FDI attacks in a large group of distributed generators. This degrades the controllability of the VPP.

### 4.2 FDI attack on microgrid

In a typical microgrid, a power inverter includes a DC power source, inverter bridge, power sharing unit, output filter, and voltage and current control loops. The output power dynamics of inverter *i* are:

$$ \left\{\begin{array}{l}{dP}_i/ dt=-{\omega}_{ci}{P}_i+{\omega}_{ci}\left({v}_{odi}{i}_{odi}+{v}_{oqi}{i}_{oqi}\right)\\ {}{dQ}_i/ dt=-{\omega}_{ci}{Q}_i+{\omega}_{ci}\left({v}_{odi}{i}_{odi}-{v}_{oqi}{i}_{oqi}\right)\end{array}\right. $$

(46)

where *v*_{odi} and *v*_{oqi} are the *d*- and *q*-axis components of the output voltage. *i*_{odi} and *i*_{oqi} are the *d*- and *q*-axis components of the output current. *P*_{i} and *Q*_{i} are the active and reactive output power. *ω*_{ci} is the cut-off frequency of the output filter.

The large-signal dynamic of the inverter is given by [38].

$$ \left\{\begin{array}{l}{dx}_i/ dt={f}_i\left({x}_i\right)+g\left({x}_i\right){u}_i\\ {}{y}_i={h}_i\left({x}_i\right)\end{array}\right. $$

(47)

where *x*_{i} = [*δ*_{i}, *P*_{i}, *Q*_{i}, *ϕ*_{di}, *ϕ*_{qi}, *γ*_{di}, *γ*_{qi}, *i*_{ldi}, *i*_{lqi}, *v*_{odi}, *v*_{oqi}, *i*_{odi}, *i*_{oqi}]. The detailed model of the inverter can be found in [38].

The power sharing function is realized by droop control expressed as [39,40,41,42,43]:

$$ \left\{\begin{array}{l}{\omega}_i={\omega}_{ni}-{m}_{pi}{P}_i\\ {}{v}_{mag,i}={V}_{ni}-{n}_{qi}{Q}_i\end{array}\right. $$

(48)

where *v*_{mag,i} and *ω*_{i} are the reference voltage and frequency, respectively. *m*_{pi} and *n*_{qi} are the respective droop coefficients, and *ω*_{ni} and *V*_{ni} are the set points.

Droop control makes voltage and frequency deviate from their set points. The cooperative control structure is used to alter *ω*_{ni} and *V*_{ni} in (48) to steer voltage and frequency to their reference values. Each converter can exchange information with its neighbors. Differentiating (48) yields:

$$ {\dot{\omega}}_i={\dot{\omega}}_{ni}-{m}_{pi}{\dot{P}}_i $$

(49)

The auxiliary control input is defined as:

$$ {\dot{\omega}}_i={u}_i $$

(50)

and the cooperative control law is given by [44,45,46,47,48,49,50]:

$$ {e}_{\omega_i}=\sum \limits_{j\in {N}_i}{a}_{ij}\left({\omega}_i(t)-{\omega}_j(t)\right)+{g}_i\left({\omega}_i(t)-{\omega}_{ref}\right) $$

(51)

where *N*_{i} contains the inverters that neighboring inverter *i*, and *g*_{i} represents the non-zero gain for inverter *i*.

The auxiliary input *u*_{i} is:

$$ {u}_i(t)=-{c}_{\omega }{e}_{\omega_i}(t) $$

(52)

where *c*_{ω} is a coupling gain, and the set point in (49) satisfies:

$$ {\omega}_{ni}=\int \left({u}_i+{m}_{pi}{\dot{P}}_i\right) dt $$

(53)

From (50)–(53), the auxiliary input *u*_{i} uses the neighbor’s frequency to mitigate system frequency deviation. The information exchange among neighboring inverters is vulnerable to malicious attacks, which can make the frequency deviation fail to go back to zero. Since the traditional bad data detection evaluates the validity of the received data in a centralized way, it is not applicable to distributed control of microgrids.

Two types of attacks, namely controller attacks and communication channel attacks, are considered as shown in Fig. 8 [51]. Attacks on controllers inject false data into actuators/sensors to attack the local controller, and FDI attacks on actuators can be modeled as [52, 53]:

$$ {u}_i^c={u}_i+{\mu}_i{u}_i^a $$

(54)

where \( {u}_i^a \) is the false data injected into actuator *i*. \( {u}_i^c \) is the corrupted control input and *u*_{i} is the original auxiliary input. μ_{i} is the attack signal, and when attack occurs, *μ*_{i} = 1, otherwise, *μ*_{i} = 0. Note that the attack signal can be either non-constant or constant. A non-constant attack signal that is viewed as noise can be handled by noise filtration techniques, while the attack signal is considered to be constant here [54].

If the whole controller is hijacked, the frequency corruption of inverter *i* can be expressed as

$$ {\omega}_i^c={\omega}_i+{\eta}_i{\omega}_i^a $$

(55)

where \( {\omega}_i^a \) is the false frequency data injected into controller *i*. \( {\omega}_i^c \) is the corrupted inverter frequency and *ω*_{i} is the reference frequency in (48). *η*_{i} = 1 represents the presence of attack.

If the communication channel between two neighboring inverters is attacked by FDI, the local controller receives the corrupted frequency signal [7, 11, 55,56,57]. FDI attack on the communication channel can be modeled by:

$$ {\omega}_i^j={\omega}_i+{\eta}_i{\omega}_i^a $$

(56)

where \( {\omega}_i^a \) is the false data injected into controller *i*, and \( {\omega}_i^j \) is the corrupted inverter frequency transmitted to inverter *j*. *η*_{i} = 1 implies the presence of attack.

The next step is to reveal the vulnerability of the cooperative control of a microgrid under FDI attack. Considering the cooperative control protocol (51) is under attack, the synchronization error will not return to zero for an intact inverter if it is reachable from a corrupted inverter [17]. For example, considering \( {\omega}^a={\left[{\left({\omega}_1^a\right)}^T,\dots, {\left({\omega}_N^a\right)}^T\right]}^T \) and \( {u}^a={\left[{\left({u}_1^a\right)}^T,\dots, {\left({u}_N^a\right)}^T\right]}^T \) are the respective attack vectors injected to sensors and actuators, the global synchronization error dynamic is obtained by applying the control strategy (50) and (52) as well as FDI attacks (54)–(56), as:

$$ {\dot{e}}_{\omega }=-{c}_{\omega}\left(L+G\right){e}_{\omega } $$

(57)

where *L* is the Laplacian matrix defined as *L* = *D* − *A*, while more properties of *L* can be found in [58,59,60]. *D* = diag{*N*_{i}} with *N*_{i} being the set of inverters that send data to inverter *i* (the neighbors of inverter *i*). *A* = [*a*_{ij}] with *a*_{ij} being the weights of communication links between inverter *i* and *j*.

Let \( \iota =\eta \left(L+G\right){e}_{\omega}^a+\mu u \), *η* = *diag* (*η*_{i}), and *μ* = *diag* (*μ*_{i}), the solution to (57) is:

$$ {e}_{\omega }(t)={e}^{-{c}_{\omega}\left(L+G\right)t}{e}_{\omega }(0)+{\int}_0^t{e}^{-{c}_{\omega}\left(L+G\right)\left(t-\tau \right)}\iota d\tau $$

(58)

Given that (*L* + *G*) is a positive definite matrix, the first term in (58) approaches zero for *c*_{ω} > 0. Using \( {e}^{At}={\sum}_{m=1}^{\infty }{(At)}^m \) yields:

$$ {e}_{\omega }(t)\to \sum \limits_{m=1}^{\infty }{\int}_0^t{\left(-{c}_{\omega}\left(L+G\right)\left(t-\tau \right)\right)}^m\iota d\tau $$

(59)

If *m* is the first integer such that \( {l}_{ij}^m={\left({\left(L+G\right)}^m\right)}_{ij} \) is not zero, node *i* is reachable from node *j*, and *m* is the length of the shortest directed path from *j* to *i*. Consequently, there exists \( {l}_{ij}^m\ne 0 \) for 0 < *m* < *N* − 1 if inverter *i* is reachable from the compromised inverter *j*.