Abstract

The distributed generation capabilities of microgrids (MGs) arise as essential assets in enhancing grid resilience. The integration of distributed energy sources, controllable loads, and prosumers necessitates the deployment of potent control and communication synergies. While those synergies transform MGs into cyber-physical systems through information technologies able to sense, control, and actuate local resources and loads, they inadvertently expose MGs to cyber-attack threats. Increasing the security of critical communication and control systems against “black swan” events, i.e., high-impact low-probability cyber-physical incidents, is a major priority for MG operations. Such incidents, if left unabated, can intensify and elicit system dynamics instability, eventually causing outages and system failures. In this article, we develop an integrated approach for multiagent MG systems able to perform the detection of malicious cyber-physical attacks based on subspace methods. We employ the small-signal model of an autonomous/islanded MG and consider different attack models targeting the MG’s secondary frequency control. The attack detector is constructed via identifying the stable kernel representation of the autonomous cyber-physical MG in the attack-free case. We illustrate the impact of the attack models as well as the feasibility of the developed detection method in simulation models of the Canadian urban benchmark distribution system.