This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/ACCESS.2021.3063229, IEEE Access
CPS Attacks Mitigation Approaches on Power Electronic Systems with Security Challenges for Smart Grid Applications: A Review
MAHMOUD AMIN1,3, (Senior Member, IEEE), FAYEZ F. M. EL-SOUSY2 (Member, IEEE),
GHADA A. ABDEL AZIZ3 (Member, IEEE), KHALED GABER4, OSAMA A. MOHAMMED5 (Life Fellow, IEEE)
1Electrical and Computer Engineering Department, Manhattan College, Manhattan, Riverdale, NY 10471 USA
2Department of Electrical Engineering, Prince Sattam bin Abdulaziz University, College of Engineering, Al-Kharj, Saudi Arabia
3Power Electronics and Energy Conversion Department, Electronics Research Institute, Cairo, Egypt
4Department of Electrical Engineering, Faculty of Engineering, Al-Azhar University, Cairo, Egypt
5Electrical and Computer Engineering Department, Florida International University, Miami, FL 33174 USA
Corresponding author: Mahmoud Amin (mahmoud.amin@manhattan.edu)
The authors extend their appreciation to the Deputyship for Research & Innovation, Ministry of Education in Saudi Arabia for funding
this research work through the project number ID:1289.
ABSTRACT This paper presents an inclusive review of cyber-physical (CP) attacks, vulnerabilities and mitigation approaches for power electronics, together with the security challenges of smart grid applications. With the rapid evolution of the physical systems used in power electronics to interface renewable energy sources, and their integration with cyber frameworks, cyber threats have a critical impact on smart grid performance. The electronic devices in smart grid applications are interconnected through communication networks, and these networks may be subjected to severe cyber-attacks. If this occurs, the digital controllers can effectively be isolated from the control loop. The cyber-physical systems (CPSs) in the power electronic systems employed in the smart grid therefore need special treatment and security. This paper gives an overview of power electronics system security in the networked smart grid from the CP perspective, then focuses on prominent CP attack patterns with substantial influence on the operation of power electronic components, along with the corresponding defense solutions. An appraisal of CPS threats, attack mitigation approaches, and challenges across smart grid applications is also presented. Finally, the paper concludes with upcoming trends and challenges in CP security for smart grid applications.
INDEX TERMS Cyber-security, cyber-attacks, cyber-physical system, voltage source converter, smart grid,
security attacks mitigation.
I. INTRODUCTION
A cyber-physical system (CPS) is a significant class of digital technology in power systems, medicine, industrial control, communication, energy systems, transportation, and other critical infrastructures. CPSs employ physical as well as computational components to carry out a process in the real world in real time [1]. A CPS has three main categories of element: cyber, physical, and cyber-physical (CP). The cyber elements are the software components that have no direct link with the physical world; they comprise the computing, control, and communication that deliver the robustness, stability, reliability, and efficiency of the physical application. The physical elements are the hardware components that have no direct link with the cyber elements, such as transmission lines, generating stations, and loads. The CP elements are the equipment in direct contact with both the physical and the cyber world. In an industrial control system, the actuators, the programmable logic controllers, and the sensors are CP elements because of their direct connections with the physical world; the wireless capabilities of actuators and sensors are also CP. In the smart grid, the control center has a CP aspect when connect/disconnect commands are sent via the advanced metering infrastructure head-end to the smart meters. The CP aspect also appears in the smart meter itself, which carries out cyber operations (e.g., sending measurements to the grid) and physical operations (e.g., disconnecting/connecting the electricity service). Field instruments in generation, transmission automation, and distribution plants likewise have a strong CP aspect because of their direct connections with the physical side of the smart grid.
The exponential growth in smart sensors, networking, data acquisition, management frameworks, embedded controllers, and instrumentation has enabled new applications and systems that change our lives [2]. The CPS brought innovation to many industrial applications through its prospect of integrating technologies from different sectors, transforming conventional processes in numerous application areas, and permitting new ones. These application areas include smart grids, industrial control systems, medical instruments, and miscellaneous applications. CPS security, and the security of the software and hardware systems (including databases) employed in a CPS, is critical and challenging because of the CPS model itself [3]: the computation system has to be embedded in a sensitive environment, and the real-time constraints on its computations add to the challenge.
A CPS has computational abilities that sense data from the physical framework and convert it into useful information [4]. The cyber system obtains data from the physical system through sensors and feeds control signals back to the physical system. The data may be speed, current or voltage measurements, energy consumption, or a medical condition. Based on this data, a specific action can be taken on the system, such as a control action or a protection procedure against a malfunction or fault. In a CPS, every cyber action produces a real-time physical reaction; these actions strongly influence the safety of the physical environment and determine CPS reliability [5]. Some CPSs therefore require real-time threat warning techniques.
CPSs strongly influence smart grids, transportation systems, and digitally controlled power electronic systems. However, both cyber and physical disturbances can degrade smart grid performance. Power electronics is the use of solid-state devices, e.g., diodes, thyristors, bipolar junction transistors (BJTs), silicon-controlled rectifiers (SCRs), insulated-gate bipolar transistors (IGBTs), and triodes for alternating current (TRIACs), in the conversion and control of electric power. Because they are digitally controlled, power converters inherit networking capabilities. Networked power converters are employed in renewable energy generation, the smart grid [6], telecommunications, smart homes [7], machine drives, battery management systems [8], etc. Fig. 1 depicts the control hierarchies for power converters. The three-tier hierarchy is the most widely employed: a supervisory controller at the first tier, followed by subsystem controllers and then slave controllers. The supervisory controller may be a programmable logic controller (PLC) or another controller able to monitor the subsystem-level controllers and pass on the user's dynamic commands, e.g., speed/torque commands, and emergency commands, e.g., shutdown [9].
FIGURE 1. The control hierarchies for the power converters: a supervisory controller at the top tier, subsystem controllers below it, and a slave controller driving each power module at the bottom tier.
Supervisory-level communication is not bound by strict timing requirements. The subsystems comprise the transformer, the drive system, the power converter module, etc. At the converter module level, the information exchanged relates to the power electronic building block modules: voltage and current measurements, error flags, and pulse width modulation (PWM) references. At this level the communication must be isochronous, with a fixed packet size at a fixed rate [10]. The power converter components can be subjected to numerous serious threats: attacks, faults, false data injection attacks, unpredicted failures, and cyber-physical switching attacks [11]. As an example of a power electronics application, machine drives typically carry speed or torque reference and feedback signals for process optimization. Reliability and security are the most critical requirements of power converters [12]. System reliability can be assured only with correct fault detection and tolerance and accurate encoding and signaling of faults. A hardware-based intrusion detection and attack blocking solution matched to the equipment's time constants may therefore be preferred at the component level [13]. Moreover, the complexity of the physical and cyber components in digitally controlled power electronics applications can leave the system unsecured against threats and constraints, including interruptions and malfunctions of the physical infrastructure and of the communication capabilities of the CPS. Digitally controlled power electronic systems must therefore be reliable and secured against serious attacks and threats.
CPS attack mitigation must follow a defense-in-depth pattern, using detection and reaction methodologies applied at different levels. Defenses against severe CPS attacks can be categorized into prevention, detection, and response [14]. Prevention denotes security techniques that stop attacks by providing verification, security policies, and network segmentation in the CPS. Attack detection techniques are designed to identify abnormal behaviors and attacks in the CPS. Since most CPSs are subject to real-time constraints, a security technique may need to respond automatically in order to mitigate an attack quickly.
In digitally controlled power electronic systems, smart devices are responsible for carrying the power flow and for transmitting the data used in monitoring and control applications [15]. The intricacy of a digitally controlled power electronic system raises future challenges for its security and resilience. Cyber integration also needs considerable investment in CPS security design and advancement to counter unexpected attack patterns from cyberspace [16]. The CPS must therefore be designed and implemented to be straightforwardly extendable and accessible. A CPS security solution will include both hardware- and software-based measures, with multiple defense layers against cyber-attacks.
A significant focus of CPS work in digitally controlled power electronics applications is the investigation of composite attack patterns. Attackers can construct deceptive patterns by exploiting both zero-day and known vulnerabilities in the power electronic system. Such attacks can cause power supply failures and cascading failures in the system; they can also damage consumer equipment and threaten human safety. Evaluating vulnerabilities and resilience against CPS attacks therefore provides the basis for inclusive protective strategies and emergency responses for the critical electrical power infrastructure [17]. Investigating CPS attack threats in power electronic systems and improving the security approaches are ongoing research areas.
Both cyber and physical security assessments are necessary for securing digitally controlled power electronic systems, yet neither direction alone can provide comprehensive identification and solutions without integrating the other. Although many of the discovered attack threats in CP systems are accompanied by detection, protection, or attack mitigation approaches, some unknown threats remain to be addressed. Moreover, a CPS employed in a digitally controlled power electronic system can be subject to a variety of vulnerabilities and attack approaches; well-known threats can be reappraised quickly in the light of new developments [18].
Conventional cyber analysis may not work for digitally controlled power electronics applications, because an intrusion into a cyber asset has physical consequences. This calls for a reconsideration of the customary security approaches to reflect the interconnection between the physical and cyber systems. A composite CP analysis of the power electronic system and the related cyber design requires establishing criteria for evaluating CPS vulnerabilities [19].
This paper presents a comprehensive survey, mapped in Fig. 2, of the CPS of digitally controlled power electronic systems, focusing on security, threats, vulnerabilities, and attack mitigation approaches. We believe the CPS research topic warrants an intensive overview of previous surveys, presented systematically, to expose the research trends and their challenges.
FIGURE 2. Security taxonomy for power electronic CPS: application (power grid, industrial control systems), security (cyber, physical, cyber-physical), defence (prevention, detection, response), and privacy.
As depicted in Fig. 2, the power electronic CPS view centers on the security of power electronic systems in the networked smart grid and the industrial control system. The privacy of users of these innovative technologies must be secured, because the many sensors employed can leak sensitive information. Furthermore, data collected from CPS operation over long time intervals can reveal behavioral patterns of users that allow their characterization and identification beyond the scope of the application, violating privacy rights. Moreover, once CPS vulnerabilities are recognized, defense techniques must be employed to prevent CPS attacks.
Various survey papers have addressed CPS security in the smart grid, as listed in Table 1. The main contributions of this paper are: a comprehensive background on CPS security in power electronic system applications; an extensive survey of potential threat sources and their motivations; a presentation of existing vulnerabilities in the networked smart grid, highlighting the main causes with real examples; an impact and vulnerability analysis of the control, communication, and physical layers employed in operating voltage source converters; a summary of existing control mechanisms for the networked smart grid that identifies the unsolved issues; and a discussion of research trends and challenges in securing the CPS in the networked smart grid, from which further research problems and their early solutions are proposed as future directions.
This paper is organized as follows. Section II presents the architecture of digitally controlled power electronic CPSs. Scenarios of cyber-attacks on the networked smart grid are addressed in Section III. Section IV introduces the CP viewpoint of networked smart grid security. Section V presents the power electronics CPS security threats. Section VI covers the CPS security vulnerabilities of power electronics applications. Section VII presents the CP vulnerabilities in the smart grid. Section VIII analyzes the impact of cyber-attack vulnerabilities on the control of voltage source converters. CPS attack mitigation techniques are addressed in Section IX. Section X presents the CPS security challenges in networked smart grids. Finally, Section XI concludes the paper.
TABLE 1. List of CPS surveys on the smart grid.

Survey content | Survey area | Year | Ref.
Protection methods for large renewable integration in smart grids, wireless charging in EVs, power technologies for CPS reliability, transactive smart railway grid, and real-time simulation of shipboard power systems | Power electronics, smart grids, IoT, technological innovation, voltage control, market research, renewable energy sources | 2021 | [15]
Types of cyber-attack detection and mitigation control approaches for the power system | Cyber-physical power system (CPPS), CPPS modeling, CPPS simulation, cyber-physical-social system (CPSS), cyber-attack, cyber security, smart grid | 2020 | [18]
Model-based and data-driven algorithms for detecting FDI attacks, with the pros and cons of each algorithm | Cyber-physical attacks, smart grid, data-driven detection algorithms, machine learning, false data injection, model-based detection algorithms, state estimation, stealth attacks | 2020 | [40]
Cyber-physical smart grid testbeds: a taxonomy with guidelines for development, and the significant features and design decisions for future smart grid testbeds | CPS, testbed, smart grid | 2017 | [81]
Industrial CPS monitoring and control based on data-driven realization | CPS, system monitoring, data-driven, fault diagnosis, plug-and-play control, smart grid | 2018 | [93]
Prospects, merits, approaches, and technical challenges of employing blockchain technology in the smart grid | Smart grids, blockchain, consensus algorithm, industries, renewable energy sources | 2019 | [125]
Implementation of differential privacy in healthcare and medical systems, energy systems, transportation systems, and industrial IoT | Differential privacy, CPSs, smart grid, health care systems, industrial IoT, privacy preservation | 2020 | [138]
FIGURE 3. The structure of the AC smart grid-tied voltage-source-converter system.
II. ARCHITECTURE OF DIGITALLY-CONTROLLED POWER ELECTRONIC CPSs
Fig. 3 illustrates the structure of an AC smart grid-tied voltage-source-converter system. As depicted, the entire power conversion chain has six stages: the input stage, the input-side power converter stage, the DC voltage stage, the grid-connected voltage source converter stage, the cyber stage, and the AC grid stage. This structure is the most commonly employed for interfacing renewable energy sources such as PV, wind, energy storage systems [20], and electric vehicle charging infrastructure with the networked smart grid [21].
FIGURE 4. The communication topologies for the cyber structures, each with one master and several slave controllers: (a) star topology, (b) bus topology, (c) ring topology, (d) daisy chain topology.
To enhance the robustness and resiliency of the networked smart grid, the voltage source converter systems are expected to be connected via communication links into one comprehensive CP networked smart grid. The control stages are discussed in detail as follows.
A. THE PHYSICAL STAGE
The standard input power sources/sinks are placed on the left side of Fig. 3. In the input stage some units, e.g., the energy storage system or the grid, can absorb as well as inject power. The power exchanged between the input side and the intermediate DC stage is regulated by the input-side converters, which exchange energy between the input stage and the DC voltage stage. The DC stage acts as a power buffer between the input and the AC stage, allowing operation independent of the AC stage, as in a DC microgrid [22].
To integrate the source of the input stage into the grid, a grid-connected voltage source converter operates as the interface between the DC-link stage and the AC grid. As illustrated in Fig. 3, its output is connected through an interface filter to an AC microgrid, standalone AC loads, or the AC grid.
Depending on the interconnection between the various AC stages, different standards apply. In the networked smart grid, the main concern is grid current regulation with high power quality during transients (voltage swells, voltage sags, and unbalance) [23]. Lately, a growing number of ancillary services related to grid voltage and frequency support are also mandatory [24]. Moreover, in low-inertia autonomous systems (i.e., microgrids), converter performance is governed largely by the ability to share active power, reactive power, and harmonics during transients and in steady state.
B. THE CYBER STAGE
The networked smart grid contains various voltage source converters. Together with the traditional synchronous generators, they jointly control the grid, and each of these units is considered an agent in a smart grid with interconnected voltage source converters.
The communication topology is defined as the physical layout of the network nodes and the cables connecting them. The most widely employed communication topologies are star, bus, ring, dual ring, tree, mesh, daisy chain, and hybrid [134], [141], [165], [213]. For power converters, the most used control topologies are star, bus, ring, and daisy chain; these are depicted in Fig. 4, where the dotted lines denote information flow.
Fig. 4(a) depicts the star topology, the simplest: each power electronic building block is connected to the subsystem master controller through a single full-duplex connection, so a very simple communication protocol is adequate. However, this topology limits the number of power electronic building blocks that can be connected to the master controller; it is less resilient and hard to scale up. It also requires complex wiring and circuitry, and it concentrates a heavy computational load on the master, making the master a vulnerable single point of failure.
Fig. 4(b) depicts the bus topology, in which a common trunk is shared by all the power electronic building blocks connected to the master. Adding a new power electronic building block is easy, making it flexible, but it needs a more complex communication protocol with extra features.
Fig. 4(c) depicts the ring topology [25]. The power electronic building blocks are connected one after another, so each needs only one transmitter/receiver pair, making the topology scalable, although a complex communication protocol is needed to support synchronization.
Fig. 4(d) depicts the daisy chain, a variant of the ring topology without the loop back to the master. It is scalable but vulnerable to a single point of failure, since a break at any node isolates every node downstream of it.
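The single-point-of-failure statements above can be checked mechanically rather than argued case by case. The following Python block is an added example, not code from the paper: it builds the four topologies of Fig. 4 as small graphs (a master M, slaves S1 to S4, and a trunk pseudo-node T standing in for the shared bus cable; all names are assumptions) and finds which node or link failures cut some controller off from the master. It generalizes the text's observations, since the same reachability test works on any adjacency list.

```python
"""Node- and link-failure analysis for converter communication topologies.

Added example (not from the paper). Graph names are assumptions: M is the
subsystem master controller, S1..S4 are slave controllers (power electronic
building blocks), and T is a pseudo-node for the shared trunk of the bus
topology. A node or link is 'critical' if its loss leaves some other node
unable to reach the master, i.e. outside the control loop.
"""
from collections import deque
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

Adj = Dict[str, Set[str]]


def build(edges: List[Tuple[str, str]]) -> Adj:
    """Undirected adjacency list from an edge list."""
    adj: Adj = {}
    for u, v in edges:
        adj.setdefault(u, set()).add(v)
        adj.setdefault(v, set()).add(u)
    return adj


def reachable(adj: Adj, start: str, dead_node: Optional[str] = None,
              dead_link: Optional[FrozenSet[str]] = None) -> Set[str]:
    """Breadth-first search from start, skipping one failed node or link."""
    seen = {start}
    queue = deque([start])
    while queue:
        u = queue.popleft()
        for v in adj[u]:
            if v == dead_node or v in seen:
                continue
            if dead_link is not None and frozenset((u, v)) == dead_link:
                continue
            seen.add(v)
            queue.append(v)
    return seen


def critical_nodes(adj: Adj, master: str) -> Set[str]:
    """Nodes whose failure isolates at least one other node from the master.
    The master itself is always critical: without it there is no control loop."""
    crit = {master}
    for n in adj:
        if n == master:
            continue
        others = set(adj) - {master, n}
        if others - reachable(adj, master, dead_node=n):
            crit.add(n)
    return crit


def critical_links(adj: Adj, master: str) -> Set[FrozenSet[str]]:
    """Links whose failure isolates at least one node from the master."""
    links = {frozenset((u, v)) for u in adj for v in adj[u]}
    others = set(adj) - {master}
    return {l for l in links if others - reachable(adj, master, dead_link=l)}


# The four topologies of Fig. 4 (constructed inputs).
TOPOLOGIES: Dict[str, Adj] = {
    "star":  build([("M", "S1"), ("M", "S2"), ("M", "S3"), ("M", "S4")]),
    "bus":   build([("M", "T"), ("S1", "T"), ("S2", "T"), ("S3", "T")]),
    "ring":  build([("M", "S1"), ("S1", "S2"), ("S2", "S3"), ("S3", "M")]),
    "daisy": build([("M", "S1"), ("S1", "S2"), ("S2", "S3")]),
}


def assess(name: str) -> Dict[str, int]:
    """Count critical nodes and links for a named topology."""
    adj = TOPOLOGIES[name]
    return {"critical_nodes": len(critical_nodes(adj, "M")),
            "critical_links": len(critical_links(adj, "M"))}


if __name__ == "__main__":
    for name in TOPOLOGIES:
        print(f"{name:6s} {assess(name)}")
```

Running it shows that only the ring survives any single link cut, that every slave link in the star is critical even though no slave node is, and that in the daisy chain every node except the last one is a single point of failure; a cut trunk cable is what makes the bus pseudo-node T critical.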
Each agent has a distributed controller that can process data from local and neighboring agents and from other remote locations. These data can be acquired by phasor measurement units (PMUs), which provide the dynamic voltage phasors. The communication between the local controllers and the PMUs can be accomplished in a centralized manner, where the measurements from all agents are gathered centrally for processing and decision making. A supervisory control and data acquisition (SCADA) system is considered the most effective means of coordination between agents, as in [26], for easing monitoring in smart grid networks. For larger numbers of agents this approach not only needs substantial communication resources but is also susceptible to cyber-attacks.
Decentralized control denotes a scheme in which only local measurements are employed. The distributed control paradigm, by contrast, is flexible: the computational resources are spread uniformly to attain coordination, so low-bandwidth communication channels suffice to accomplish the same function. Nevertheless, although it offers some means of assessing intrusion attempts, resilience to coordinated cyber-attacks cannot be assured [27], [28], because each node holds only partial information, which is not sufficient for cyber-attack detection.
Fig. 5 outlines the control functions of AC-grid-connected voltage source converters according to their timescales. Control loops shown next to each other operate simultaneously (i.e., DC-link voltage control along with synchronization [29], fault ride-through (FRT) along with AC current control [30], and active damping along with virtual impedance/admittance control [31]).
FIGURE 5. Traditional control structure for a 2-level voltage source converter, with secure and vulnerable control layers marked alongside cyber-attacks. Control functions shown on a timescale axis from 1 Hz to 10 kHz: energy management system, frequency control, reactive power support, DC voltage control, synchronization, AC voltage control, fault ride-through, AC current control, virtual impedance, switching and sampling.
FIGURE 6. Voltage source converter representation with basic types: (a) grid-feeding VSC with L (LC) filter and (b) grid-forming VSC with LC filter. The panels show the grid inductance LG, the load, the grid, and the point of common coupling (PCC).
C. THE ROLE OF VOLTAGE SOURCE CONVERTERS
In microgrids and renewable-based power systems, the roles of voltage source converters are categorized as grid-feeding, grid-supporting, and grid-forming units [32]. These roles are as follows:
1) Grid-feeding voltage source converter unit: its main function is to inject a defined current into the grid, so it is represented as a current source, as depicted in Fig. 6(a). For real-time implementation it contains a dedicated synchronization unit, an outer DC voltage control loop, and an inner current control loop with embedded passive or active damping [33]. To generate the current command, outer power controllers supplement the DC voltage controller.
2) Grid-forming voltage source converter unit: it is employed to regulate the local voltage, so it is represented as an ideal voltage source, as depicted in Fig. 6(b). Because of its stiff voltage regulation, this unit is considered the system's master, which forms the local AC grid. Consequently, it does not need a dedicated synchronization unit or power-sharing capability. For real-time implementation, this unit is realized through an inner current loop and an outer voltage loop [34]. This functionality is the basic philosophy of standalone applications such as the microgrid [35].
For paralleled voltage source converters in a standalone microgrid, the principal control law uses the measured reactive and active power to set the voltage reference V* and the frequency reference ω*, respectively, for synchronization, as in (1) and (2):

$$V^{*} = V_{ref} - N_Q\,(Q - Q^{*}) \qquad (1)$$

$$\omega^{*} = \omega_{ref} - M_P\,(P - P^{*}) \qquad (2)$$

where Vref, ωref, Q*, and P* denote the global voltage, frequency, reactive and active power references, respectively, and NQ, MP, Q, and P represent the reactive power droop, the active power droop, and the measured reactive and active power, respectively.
3) Grid-supporting voltage source converter unit: this unit covers a wider spectrum of control functionalities, from grid frequency/voltage support and reactive/active power sharing to impedance/admittance emulation and virtual inertia [36].
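The droop law makes the converter references a linear function of the measured powers, so anything that falsifies P or Q on the measurement path moves the references directly. The following Python block is an added example, not the paper's code: it implements the droop law in the form V* = Vref - NQ (Q - Q*) and ω* = ωref - MP (P - P*) (the sign convention assumed here, in which output power above its reference lowers the reference), computes the frequency shift caused by a false data injection on the active-power measurement, and adds a simple plausibility check (rating and rate-of-change bounds) of the kind a local controller can run before a measurement enters the droop loop. All numerical values (400 V, 60 Hz, droop gains, rating, step limit, and the measurement trace) are assumptions chosen for illustration.

```python
"""Droop control of a paralleled VSC and its sensitivity to false data.

Added example (not from the paper). Implements the droop law
V* = Vref - N_Q (Q - Q*) and w* = wref - M_P (P - P*) with the sign
convention assumed in the lead-in. Every parameter value and the
measurement trace below are assumptions chosen for illustration.
"""
import math
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class DroopVSC:
    v_ref: float   # global voltage reference Vref (V)
    w_ref: float   # global frequency reference wref (rad/s)
    p_star: float  # active power reference P* (W)
    q_star: float  # reactive power reference Q* (var)
    m_p: float     # active power droop M_P (rad/s per W)
    n_q: float     # reactive power droop N_Q (V per var)

    def references(self, p_meas: float, q_meas: float) -> Tuple[float, float]:
        """Return (V*, w*) for the measured (possibly falsified) P and Q."""
        v_star = self.v_ref - self.n_q * (q_meas - self.q_star)   # eq. (1)
        w_star = self.w_ref - self.m_p * (p_meas - self.p_star)   # eq. (2)
        return v_star, w_star

    def frequency_shift(self, delta_p: float) -> float:
        """Change in w* caused by a bias delta_p injected into the P measurement.
        From (2) the shift is -M_P * delta_p, independent of the true P."""
        return -self.m_p * delta_p


def flag_implausible(p_trace: List[float], p_rated: float,
                     max_step: float) -> List[int]:
    """Indices of samples that exceed the converter rating or jump by more
    than max_step from the previous sample. A cheap local check: it cannot
    catch a stealthy injection that stays inside both bounds."""
    flagged = []
    for i, p in enumerate(p_trace):
        if abs(p) > p_rated or (i > 0 and abs(p - p_trace[i - 1]) > max_step):
            flagged.append(i)
    return flagged


# Assumed unit: 400 V, 60 Hz, 10 kW rating, droops of 0.5 Hz per 10 kW
# and 20 V per 10 kvar.
VSC = DroopVSC(v_ref=400.0, w_ref=2 * math.pi * 60.0, p_star=0.0, q_star=0.0,
               m_p=2 * math.pi * 0.5 / 10_000.0, n_q=20.0 / 10_000.0)
P_RATED = 10_000.0
MAX_STEP = 1_000.0   # assumed plausible change between consecutive samples (W)

# Constructed P measurement trace (W): steady near 4 kW, then an injected
# +5 kW bias that later disappears. Both edges of the bias get flagged.
P_TRACE = [4000.0, 4100.0, 4050.0, 9000.0, 9100.0, 4000.0]

if __name__ == "__main__":
    print("references at 4 kW:", VSC.references(4000.0, 0.0))
    print("w* shift for +5 kW injection (rad/s):", VSC.frequency_shift(5000.0))
    print("flagged samples:", flag_implausible(P_TRACE, P_RATED, MAX_STEP))
```

With the assumed gains a +5 kW bias on the measured active power pulls the frequency reference down by about 0.25 Hz on its own; in a microgrid where several converters share power through the same droop, the other units react to that shift, which is why validating the measurement before it reaches (1) and (2) matters more than the size of any single gain.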
FIGURE 7. The CPS architecture with multiple layers: the control layer (central controller, sub-controller, local controller), the network layer, the actuator/sensor layer (actuators, sensors, and PMU measuring V, P, Q, I), and the physical layer, linked by operation commands, information, and sensed measurements.
TABLE 2. Cyber-attacks in the smart grids (domains: Transmission System, Distribution System, Instrument System).

Attack surface                     Type of Attack
State Estimator                    DoS/FDI
SCADA                              DoS/FDI
Data Concentrator                  Delay/FDI/Jamming
Power Market                       DoS/FDI/Delay
Communication Channel              Delay/Jamming/DoS
Phasor Measurement Unit            Delay/Jamming/DoS
Remote Terminal Unit               Delay/Jamming/DoS/FDI
Intelligent Electronic Device      Jamming/FDI
Advanced Meter Infrastructure      Jamming/FDI
Programmable Logic Controller      Jamming/Delay/FDI
Control System                     DoS/FDI
III. SCENARIOS OF CYBER-ATTACKS
This section addresses the main causes of cyber-attacks and the cyber-attack scenarios on the networked smart grid. Furthermore, it discusses the impacts of cyber-attacks on the networked smart grid by considering the resultant effects of technical failures and triggering events.
A. CAUSES OF CYBER-ATTACKS
The networked smart grid in its structure comprises communication systems together with a hybrid power system, which gives rise to vulnerabilities that can be compromised during a cyber-attack. These vulnerabilities concern confidentiality, integrity, and availability, abbreviated as the CIA triad [37]. The networked smart grid is characterized as a CPS as depicted in Fig. 7, which comprises sensor/actuator, physical, network, information, and control layers. Each layer's operation is observable, but this does not necessarily mean that an intrusion detection component or system needs to be applied across the whole layer. Information can flow between all layers as they operate in a cycle [38].
Cyber-attacks can appear in numerous forms. In essence, a cyber-attack is a human-made manipulation of the smart grid that diverts the power flow to where it was not assigned by the network operator, as illustrated in Table 2. The different interoperability layers in the networked smart grid comprise the function, physical, and business layers.
These layers are interrelated via a communication layer for information exchange, so the attack surfaces are broader than those illustrated in Table 2. However, this table reviews the most common surfaces that can be attacked in present-day power systems as a basis for identifying the common attack domains and types.
These attacks include denial of service (DoS), false data injection (FDI), insertion of worms or malware, energy theft [39], as well as physical damage to the smart grid, e.g., causing apparatus to self-damage [40]-[42].
The DoS attacks can be recognized through the attacker jamming the communication channels. These attacks target the electronic devices and the routing protocols in order to congest the communication channels and cause delays. Indeed, the DoS attack can restrict the legitimate user's access to services and resources by flooding the communication network with excessive traffic [43].
FDI attack scenarios are recognized when the attacker injects false data on the communication line between the control center and the field sensors. Thus, the attacker can disturb the state estimation processes and mislead the network operator [44]. The FDI attack can result in various outcomes depending on the intention of the intruder, which include errors in the locational marginal prices (LMP) for illegal market profits, energy theft, and physical destruction through the network. FDI attacks can affect the LMP by confusing the state estimation, which then adversely affects the contingency analysis processes [45].
Insertion of worms or malware ranges from malicious software that operates in the background to slow down the smart grid computers' operations, to Trojan software employed for stealing security certificates and credentials [46].
To detect cyber-attacks on Internet-of-Things (IoT) applications, the sensors available in the system are utilized together with monitoring against possible models of the physical system. A cyber-attack does not necessarily have to originate in the power system itself. It can originate from different systems that frequently interact with the grid, e.g., electric vehicle (EV) supply equipment [47]. In [48], a malware attack model has been designed to attack the EV infrastructure and its communication systems while EVs are charging. In some cases, attacks can be undetectable, e.g., malicious data injection attacks that can change the measurement values without being identified; thus, serious consequences can occur.
From the engineering perspective, smart grids can be subjected to cyber-attacks owing to the widespread use of and dependence on intelligent electronic devices (IEDs) [49]-[52], distributed advanced metering infrastructure (AMI) [53], and wireless and off-the-shelf communication components and systems throughout the power network. The cyber infrastructure can increase autonomous decision-making and the system's connectivity via standard information protocols that frequently have publicly documented vulnerabilities. The energy industry privatization and market deregulation have increased the competition between energy suppliers to improve consumer-centricity. Moreover, threats can come from disgruntled utility insiders, electricity customers, as well as external cyber-attackers.
B. CYBER-ATTACKS IMPACTS ON SMART GRID
In the networked smart grid, control systems are more vulnerable due to their coupling with new communication and information technologies and with the CPS physical controllers [54]. The distribution management system (DMS) in distribution networks and the energy management systems (EMSs) in the transmission networks are critical systems that are significantly influenced or abused during an attack. These platforms collect data from distributed or remote meters and sensors through the network. By injecting false meter data as a cyber-attack, the DMS or EMS functions at the control center will be deceived through the state estimators, which can lead to inaccurate power dispatch, inaccurate contingency analysis decisions, and even incorrect billing transactions [55], [56].
The smart grid has synchrophasor-based measurement systems that can provide real-time data to the EMS for controlling and monitoring the physical network [57], [58]. Modern synchrophasor instruments, e.g., digital fault recorders (DFRs), PMUs, and protective relays with PMU functionality, are vulnerable to various errors [59], [60]. These include cyber-attacks, which are considered a challenging issue as the equipment is intertwined with numerous legacy instruments with or without protection against cyber-attacks [61].
In [62], CPS security has been analyzed where a deception attack targets the actuators, the sensors, or both actuators and sensors. The FDI attack probability relies on two conditions: (i) the hacker can control the sensor nodes and (ii) the hacker knows the system perfectly, or its precise topology, at all instants throughout the attack [63]. Commonly, the most significant impact of an attack is achieved when the attacker has access to the SCADA systems and performs control actions [64]. The attackers can tamper with raw measurement data, producing unobserved errors that factor into the estimates of state variables, e.g., bus voltage magnitudes and angles. This can arise when the attacker takes advantage of the small errors tolerated by state estimation approaches. Eventually, this seriously threatens the security of the power system [65]. The state estimation disturbances can increase the mean square errors of the state estimates and cause fluctuations in the electricity market's real-time prices. The impact of invalid state estimates on the mean square errors can make the network operators take incorrect decisions, and alterations in the real-time prices of the electricity market can profit only the attacker [66].
Through FDI attacks, the smart grid can undergo load redistribution attacks, economic attacks, or deceptive energy attacks. The economic attack is a sort of FDI attack that can affect the deregulated electricity market operations, which include two markets: the real-time market and the day-ahead market. In this case, the attacker can manipulate the market prices of power and acquire financial gains.
For the load redistribution attack, the smart grid operation can be affected by attacking the security-constrained economic dispatch (SCED) [67]. The main purpose of the SCED is to reduce the cost of the whole system operation; however, if the raw measurements are manipulated by the attacker, the SCED will cause an overload of the lines. The latter may not be detected by the system operator and causes significant physical damage to the smart grid.
The deceptive energy attack can affect the distributed energy routing process; basically, this is a scheme for identifying the optimal energy routes for a generation or load demand. If the measured data is corrupted, inaccurate energy demand or supply messages can be generated [68]. Generally, cyber-attacks can impact four foremost aspects of large power systems: the energy market, state estimation, voltage control, and automatic generation control. FDI attacks can deceive the system operators into believing that the operating conditions are safe both economically and physically when they are not [69].
Moreover, the FDI attacks can affect the system's security and stability. For detecting the FDI attack, spatiotemporal cyber-state correlations can be employed. By monitoring the progressive consistency of the spatial correlations between state estimates, potential anomalies can be detected [70].
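The residual-based bad-data test behind the two FDI passages above (small tolerated errors in state estimation, and anomaly detection on the estimates), worked through as an added example that is not code from the paper: a weighted least squares DC state estimator on a constructed 3-bus network with constructed reactances, operating point and meter accuracy. A gross injected error is flagged by the chi-square test and localized by the largest normalized residual, while an injection within the meter error budget passes the same test, which is the tolerance the text refers to.

```python
"""DC state estimation with residual-based bad-data detection.

Added example for the FDI passages above; it is not code from the reviewed
paper. The 3-bus network, reactances, operating point and meter accuracy
are constructed values chosen for illustration.
"""
import math

# Constructed 3-bus DC power flow model. Bus 1 is the angle reference
# (theta1 = 0), so the state is x = [theta2, theta3] (rad). The flow on
# line i-j is (theta_i - theta_j) / X_ij with X12 = 0.1, X13 = 0.2 and
# X23 = 0.25 pu. Measurement rows: P12, P13, P23, injection P2, injection P3.
H = [
    [-10.0, 0.0],   # P12 = (0 - theta2) / 0.1
    [0.0, -5.0],    # P13 = (0 - theta3) / 0.2
    [4.0, -4.0],    # P23 = (theta2 - theta3) / 0.25
    [14.0, -4.0],   # P2  = P21 + P23
    [-4.0, 9.0],    # P3  = P31 + P32
]
SIGMA = 0.01                 # constructed meter standard deviation (pu)
CHI2_THRESHOLD = 7.815       # chi-square 95% point, m - n = 5 - 2 = 3 dof
TRUE_STATE = [-0.05, -0.08]  # constructed operating point (rad)


def solve(a, b):
    """Solve the square system a x = b by Gaussian elimination with pivoting."""
    n = len(a)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[pivot] = m[pivot], m[col]
        for r in range(col + 1, n):
            f = m[r][col] / m[col][col]
            for c in range(col, n + 1):
                m[r][c] -= f * m[col][c]
    x = [0.0] * n
    for r in range(n - 1, -1, -1):
        s = sum(m[r][c] * x[c] for c in range(r + 1, n))
        x[r] = (m[r][n] - s) / m[r][r]
    return x


def measure(state):
    """Noise-free measurement vector z = H x for a given state."""
    return [sum(h * s for h, s in zip(row, state)) for row in H]


def wls_estimate(z, sigma=SIGMA):
    """Weighted least squares estimate x = (H^T W H)^-1 H^T W z, W = I / sigma^2.

    Returns (x, J, r_norm): the estimate, the objective J = r^T W r used by the
    chi-square bad-data test, and the normalized residuals r_i / sqrt(Omega_ii),
    where Omega = R - H G^-1 H^T is the residual covariance.
    """
    m, n = len(H), len(H[0])
    w = 1.0 / sigma ** 2
    gain = [[w * sum(H[k][i] * H[k][j] for k in range(m)) for j in range(n)]
            for i in range(n)]
    rhs = [w * sum(H[k][i] * z[k] for k in range(m)) for i in range(n)]
    x = solve(gain, rhs)
    r = [zk - hk for zk, hk in zip(z, measure(x))]
    J = w * sum(rk * rk for rk in r)
    r_norm = []
    for i in range(m):
        # Omega_ii = sigma^2 - h_i G^-1 h_i^T, with G the gain matrix above.
        g_inv_h = solve(gain, H[i])
        omega_ii = sigma ** 2 - sum(a * b for a, b in zip(H[i], g_inv_h))
        r_norm.append(r[i] / math.sqrt(omega_ii))
    return x, J, r_norm


def check_measurements(z):
    """Bad-data test: accept z if J is below the chi-square threshold; otherwise
    point at the measurement with the largest normalized residual.

    Returns (accepted, suspect_index, J, x).
    """
    x, J, r_norm = wls_estimate(z)
    suspect = max(range(len(r_norm)), key=lambda i: abs(r_norm[i]))
    return J <= CHI2_THRESHOLD, suspect, J, x


if __name__ == "__main__":
    z = measure(TRUE_STATE)
    print("clean:", check_measurements(z))
    gross = z[:]
    gross[3] += 0.76            # constructed 76-sigma injection on P2
    print("gross FDI:", check_measurements(gross))
    small = z[:]
    small[3] += 2 * SIGMA       # within the tolerated error budget
    print("small FDI:", check_measurements(small))
```

Note that the largest raw residual in the gross case falls on P12, not on the corrupted P2; only the normalized residual points at the right meter, which is why operational bad-data identification uses the normalized form.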
FIGURE 8. The infrastructures of the advanced metering: smart meters (SM) on home area networks report to data concentrators (DC), which forward the data to the headend.
The attacker can affect the communication network by attempting to connect and dial up to intelligent electronic devices or a remote terminal unit (RTU). This can permit them to spy on telecommunications and perform wide-area network (WAN) or local-area network (LAN) transmissions, as depicted in Fig. 8. The attackers can similarly attack the corporate information technology (IT) systems and gain access to the connected SCADA or EMS systems; internet service providers (ISPs) and telecommunications can also be attacked. The dependence of smart grid suppliers on corporate IT systems and their connected SCADA systems can increase the electric smart grid vulnerability significantly [71].
Cyber-attacks, along with disturbances, can arise numerous times from a single origin and extend to diverse areas. In electric vehicle charging stations, a consumer can charge their EV at numerous stations; thus, malware can spread through the communications between electric vehicle charging stations and vehicle-to-infrastructure links. An EV attack can propagate from the electric vehicle charging station's smart grid infrastructure to the utility systems [72]. The integration of power systems and transportation can leave numerous open doors for attackers, particularly in the connected environment, e.g., the EV infrastructure comprising electric vehicle charging stations, EVs, meters and other roadside infrastructure, especially when tightly integrated with critical infrastructure systems [73]-[75].
IV. CP VIEWPOINT OF NETWORKED SMART GRID
SECURITY
A. SMART GRID AS A CP SYSTEM
The smart grid is built on a vast physical infrastructure of
electrical power systems that can be categorized into
generation, transmission, and distribution systems [76]. In the
conventional power system operations paradigm, the
electricity is generated in power plants and delivered along
with the transmission systems to the customers in the
distribution systems. The EMSs placed in control centers can monitor and control this unidirectional process by employing SCADA systems [77]. These SCADA systems are typically hosted on dedicated communication infrastructures, including local area networks, wide-area networks (WANs), and field area networks. The networked sensors' main function is to collect measurements, such as currents and voltages, and then transmit the data to the control system via remote terminal units (RTUs) in the SCADA system. These RTUs are responsible for operating the actuators that adjust the topology and the dynamic system parameters [78].
The physical systems of generation, transmission, and
distribution are interconnected via transmission lines and
substations positioned in the field.
On top of these infrastructures, regional transmission organizations, along with independent system operators, coordinate the system's operations among service providers and consumers in the electricity market. Fig. 9 depicts the infrastructure of the entire networked smart grid, as identified by the National Institute of Standards and Technology (NIST), which comprises the seven domains of generation, transmission, distribution, electricity markets, operations, service providers, and customers [79], [80].
In the networked smart grid, innovative technologies have
transformed the conventional power systems in various areas
[81]-[83]. The upward integration of renewable energy
systems enhances the economics along with the sustainability
of generation systems. The distributed energy resources
(DERs) permit customer-side power generation as well as
management with more reliability and flexibility, converting
the existing patterns of power flows from unidirectional into
bidirectional. In the transmission systems, the phasor
measurement unit (PMU) employs a global positioning system
(GPS) for providing more precise, frequent, and reliable
synchronized measurements, enabling the wide-area
monitoring, protection, and control (WAMPAC)
implementation over high-speed communication networks
[84]. The AMI systems with numerous smart meters in the
distribution systems provide new 2-way, real-time
communications in the smart grid, which endorse various
profits from energy management, demand response, along
with consumer engagement. Moreover, the increasing
existence of energy storage, electric vehicles, and other
emerging approaches are consistently introducing innovative
changes to electricity generation, transmission, as well as
distribution.
The communication, information, and computation systems in the smart grid have instituted a global cyber infrastructure interlinked with the physical systems. Commands and measurements are regularly generated and transmitted between the cyber and physical systems. The physical system measurements mainly consist of analog data and status data: the status data describe the states of the smart grid components, while the analog data represent the measurements of the system dynamics. Based on these measurements, operators determine the optimal control strategies and produce the control commands for coordinating the actuators in the physical systems [85].
During a fault or disturbance, diagnostic logs are recorded by add-on recording instruments to support the location, assessment, mitigation, and repair during emergencies.
The sensor measurements can be processed via employing
distributed along with centralized computation instruments
positioned at different places in the smart grid. In the
conventional centralized operations, critical calculations in the
EMS, comprising optimal power flow (OPF), the state
estimation (SE), automatic generation control (AGC), along
with economic dispatch (ED) are hosted in the control centers.
For better efficiency, resiliency, and flexibility, the latest
advances in intelligent electronic devices along with
programmable logic circuits have increased the employment
of localized as well as distributed computations in the smart
grid [86].
In the smart grid, communications have been mainly hosted on proprietary networks and SCADA systems. Industrial protocols, e.g., DNP3 and IEC 61850 of the International Electrotechnical Commission, have been established for communications within and between substations and control centers [87].
New communication standards are being adopted in the smart grid to accommodate the integration of energy storage, renewable energies, and PMUs. Furthermore, due to increasing efficiency requirements and cost pressures, the smart grid also increasingly depends on public communication infrastructures.
Via employing the ICT interfaces, the industrial control
systems can access the internet. Two-way communications
between customers as well as service providers are also
widely established via the AMI system, permitting flexible
demand response for economic profits along with reliability.
B. CP SECURITY OF THE SMART GRID
In the smart grid, the security challenges have widely increased in both the cyber and physical spaces [88]. The power systems have intrinsic physical vulnerabilities, which can cause massive blackouts from incidents. The integration of renewable energy sources adds non-linearity, uncertainty, and time-variance to existing power systems, and the new patterns from DERs are inducing substantial influences on the stability [89].
The cyber-integration has vital security challenges, as great threats arise from the attacker's ability to launch remote, deceptive, simultaneous, and well-coordinated attacks from cyberspace. An informed attack scheme can cause serious damage and disruptions ranging from power blackouts, service interruptions, and economic losses to life-threatening situations, where societal, personal, as well as national security may all be affected [90].
The research on the CP security of the smart grid advances on a frontier of CPS, located at the intersection of the physical security of energy and power systems and the cyber-security of communication, information, and computation systems [91]. The incorporation of the strengths of both cyber and physical security is a significant requisite for the resilience and security of this critical infrastructure.
B.1 CYBER-SECURITY
Cyber-security is considered a significant component in smart
grid development [92]. The principles of integrity,
confidentiality, as well as availability have been established
for the system’s information security.
The firewalls, along with intrusion detection systems
(IDSs) have been employed to protect field devices as well as
control centers against exterior intrusions. Indeed, secure
protocols have been established for protecting the SCADA
communications within and between control centers,
actuators, along with substations. Secure wireless or wired
networks have also provided reliable communications for the
emerging AMI and PMU systems.
FIGURE 9. The networked smart grid conceptual model via NIST: the Operations, Distribution, Generation, Marketing, Service Provider, Customer, and Transmission domains, linked by secure communication flows and electrical flows.
Meanwhile, the smart grid's cyber-security must also accommodate the physical properties, dependencies, and requirements of power systems. For instance, denying access to an account after several unsuccessful log-in attempts is regularly undesirable in power system control: attackers may employ such a mechanism to lock operators out of the system, causing ruinous consequences [93]. Furthermore, in the smart grid, signature-based and anomaly-based IDSs also require adaptation to diversifying and emerging patterns in order to identify malicious attempts effectively. Indeed, the real-time data streams also pose big data challenges to the analysis of cyber-security in the smart grid. Moreover, there is a crucial requirement to incorporate the physical aspects into the smart grid's cyber-security [94].
B.2 PHYSICAL SECURITY
The power system's physical security can be protected via the evaluation and screening of contingencies. The contingency analysis (CA) assesses the security of the power system after credible inadvertent contingencies at selected operating points [95]. Usually, the CA can cover disturbances, faults, and planned outages, among others. The contingency-related security constraints are subsequently established via the CA to guarantee the power system's survivability with minimal interruptions to the electricity delivery. For the smart grid, the analysis of both steady-state and transient security of power systems serves as the foundation of CP security. Nevertheless, the emerging CPS and the interconnected power systems pose challenges to the analysis of physical security.
The complexity and cost of CA increase dramatically as the system scales, making it challenging to implement N-k security or conduct multi-contingency analysis in bulk power systems [96]. The complexity and heterogeneity of software, operations, and hardware in power systems also limit the precise and timely evaluation of remotely located incidents whose influence could propagate over a long distance at the speed of the electromagnetic waveform. Without adequate wide-area coordination, various local remedial actions may compete, rather than collaborate, with each other, causing deteriorating effects, i.e., blackouts or cascading failures [97]. Furthermore, cyber-integration can introduce emerging challenges. Most systems and field devices are not designed with adequate security features against malicious events, especially from cyberspace.
As the cyber-integration can expose the system's resources and access points to cyberspace, researchers have been revealing vulnerabilities, both known and zero-day, in the evolving smart grid. The shortage of adequate protection against coordinated cyber-attacks could be disastrous, as demonstrated in the cyber-attack on a Ukraine regional grid [98]. There, automated and intelligent systems, which had been designed to improve the reliability and security of the system, were turned into weapons against the smart grid itself. With all these developing threats, the conventional power system security requires an in-depth overhaul in the era of the smart grid.
B.3 CP SECURITY
A secure smart grid depends on integrative security that combines the strengths of both cyber-security and physical analyses against malicious and accidental events. The smart grid operators should be conscious of the risk of measurements and commands corrupted by internal and external attackers. Restoration and mitigation efforts need to be guided with sufficient security consciousness to avoid secondary damage in the post-attack systems [99].
In the security analysis, serious vulnerabilities are often discovered by scenarios where attackers are characterized by feasible objectives, resources, and knowledge. The investigation of attack schemes frequently serves as the first step for establishing security in the vulnerable system. Though it is unfeasible to exhaust all potential attack schemes, the worst-case analysis is of concrete value in realizing the feasibility and the possible impact of an attack threat [100].
The smart grid security investigations have revealed various attack schemes that exploit critical vulnerabilities with various damages and disruptions. Understanding these schemes is critical for improving the CP security of the technologies in the smart grid. Moreover, it will also help researchers identify new vulnerabilities and solutions for the emerging CPS in this critical infrastructure [101].
B.4 CP RELIABILITY AND RESILIENCY OF
POWER SYSTEMS
The system's security should be robust enough to avoid cyber-attacks and to provide advanced controls for system reliability and stability. Reliability of the system is comprised of adequacy and security, which includes availability. Availability means that the data can be delivered securely and is available in a timely manner. Consequently, NIST has developed the standards for the communications network to integrate smart grid security [51].
Reliable information storage and secure transport are crucial for the smart grid, billing functions, and grid control [43]. Resilience against faults and attacks must be addressed via a defense-in-depth paradigm whereby detection, prevention, and reaction techniques for protection are used at numerous levels. Effective security mechanisms and standardization efforts for smart grid protection should be conducted to prevent cyber-attacks. The most serious demand for the smart grid is to guarantee process reliability. Moreover, higher energy usage, older power infrastructure, and higher demand are vital reasons for raising smart grid reliability concerns. Therefore, the employment of modern communication protocols, quicker and more robust control devices, communication and IT technologies, and embedded smart devices can enhance the system's robustness and reliability [101]. Large-scale smart grid deployments present attractive options for wireless technologies, with considerations such as security, limited bandwidth, and minimized installation costs, whereas wired technology is expensive [5], [42]. Thus, a hybrid communication method integrating wired and wireless technologies is used to guarantee robustness, reliability, and availability.
V. THE POWER ELECTRONICS CPS SECURITY THREATS
Identifying the potential and serious threats that can attack the power electronic system is a severe issue and holds various challenges [102]. Our target is to discuss the various CPS security threats in general and then for two power electronics applications, namely the smart grid and industrial control systems.
A. GENERAL CPS THREATS FACTORS
In the CPS, the security solution may respond in an unexpected manner when it is attacked. Security attacks can be defined as actions that may cause loss or damage in the CPS [103]. Damage refers to harming people, systems, and the environment, whereas loss can be in the availability of resources, safety measures, integrity, and sustainability. Some of these attacks may be harmful as they can bring down the CPS's IT system by holding up the communication and the activity of the system entirely, or by injecting harmful information that may violate the security policies [104].
The CPS threats have five significant factors: sources,
target, motive, threat vector, and the consequences of the
threat, as illustrated in Fig. 10. These factors are discussed as
follows:
The first CPS threat factor is the threat sources, which are the initiators of the threats and may affect CPS security. The threat sources comprise the physical, cyber, and CP threats as depicted in Fig. 11.
The cyber threat sources include passive as well as active
threats, as depicted in Fig. 11. The passive threats contain
information harvesting and tracking. Meanwhile, the active
threats include the denial of service and impersonation. Both
the active and passive threats invade CPS integrity,
availability, confidentiality, and authentication [105].
The physical threat sources include environmental, accidental, and adversarial threats. The environmental threats encompass natural disasters, e.g., floods and earthquakes, as well as man-made disasters, e.g., fires and explosions [106]. The accidental threats are threats that occur accidentally or via the authentic CPS components [107]. Meanwhile, malicious threats carry malicious purposes from states, individuals, groups, or organizations [108].
The CP threat source is a mix of cyber and physical sources. As the protocols can lack encryption, the data can be susceptible to eavesdropping and severe attacks, or false data can be injected due to the lack of authentication.
The second CPS threat factor is the target: the CPS applications and their users or components [109]. The third factor of the CPS threats is the motive of the danger, in which the CPS assailants have a reason to make an attack, e.g., spying, cyberwar, or crime [110]. The fourth factor of the CPS threats is the threat vector, which can use one of four mechanisms for a successful attack, namely alteration, disruption, fabrication, and interception. The fifth factor of the CPS threats is the threat's potential consequences, which concern the CPS integrity, confidentiality, availability, privacy, as well as safety [111].
B. THE CPS SECURITY THREATS IN THE SMART GRID
AND INDUSTRIAL CONTROL SYSTEMS
This section gives potential CPS security threats in both the smart grid and industrial control systems, as shown in Table 3. The smart grid comprises the generation, transmission, and distribution systems. Accordingly, the threats include generation, transmission, distribution, physical, political, and financial sections. Meanwhile, the industrial control system refers to technologies that can monitor and control electrical, industrial, and manufacturing processes [112]. As a result, the threats comprise intelligence agencies, criminal, physical, political, and financial sections.
For successful operation of the smart grid, three significant requirements must be satisfied, namely communication flexibility, the resilience of the control system, and the smartness of the distribution. Nevertheless, it is hard to fulfill such goals, particularly in insecure environments.
The smart grid can be subjected to malicious threats in both the physical and cyber components [113].
FIGURE 10. The CPS threats factors: source, target, threat vector, motive, and consequence.
[Figure 11: CP threats are drawn from cyber threats (passive threats: information harvesting, tracking; active threats: denial of service, impersonation) and physical threats (environmental, adversarial, and accidental factors). Cyber threats invade integrity, availability, confidentiality, and authentication; physical threats invade availability and security.]
FIGURE 11. The sources of the threats in the CPS and the properties they invade.
TABLE 3. The CPS security threats in the smart grid and industrial control systems

| Application | Threat | Attack Target | Attack Scenarios |
| --- | --- | --- | --- |
| Smart Grid | Generation threats | Wide control area [84], [105], [139], [197] | Bad command generation of automatic generation control and manipulating sampling data |
| Smart Grid | Transmission threats | SCADA [26], [77], [78] | Triggering false alarms, injecting false data, and changing the switch states |
| Smart Grid | Distribution threats | Distributed power supply and meter infrastructure [28], [55], [57], [97] | Modifying the instruments' readings, disturbing the management of the distribution, and reducing the credibility of the power generation |
| Smart Grid | Physical threats | Damaging or vandalizing components of smart grids [7], [40], [82], [94], [122], [144], [150] | Causing service disturbance and potentially blackouts |
| Smart Grid | Political threats | Initiating a cyberwar from a national power system against another country's national power system [17], [18], [19], [38], [57], [69] | Large-scale blackouts, turbulences, or financial losses |
| Smart Grid | Financial threats | Tricking a utility company's billing system [40], [56], [61], [62], [88], [96], [122] | Tampering with the smart meters to reduce the electricity bill |
| Industrial Control Systems | Intelligence agencies threats | Performing investigation operations targeting a nation's CI [136], [137] | Secrecy violations of critical data |
| Industrial Control Systems | Criminal threats | Exploiting the wireless capabilities to control the industrial control system application remotely [5], [157], [165], [212] | Disturbing the industrial control system operation |
| Industrial Control Systems | Physical threats | Spoofing a temperature sensor in a specific environment [39], [45], [53], [63], [164] | Sending deceptive, false measurements to the control center |
| Industrial Control Systems | Political threats | Initiating a cyberwar from a nation against another nation [54], [136], [137] | System shutdown, damage to components, or environmental pollution |
| Industrial Control Systems | Financial threats | Reducing the utility bill to deceive the utility [40], [56], [61], [96], [122] | Financial loss |
[Figure 12: The CPS high-level properties: availability (reliability, resiliency, restoration), safety (avoidance of hazards, safe operation), and integrity (users' privacy, authorized access).]
FIGURE 12. The CPS high-level properties.
The physical threats target the power system components, e.g., transmission lines, generators, and transformers, and can change the power system's topology or trigger cascading failures [114]-[116]. As the transmission lines spread over a large area, they are easier to attack than the substations. These threats can be easily detected using protection devices that indicate the failure or the operation of the physical components. The cyber threats, in contrast, target the SCADA system and deceive the power system operation. They can cause high economic losses and are difficult to detect if the threat vector is well-structured [117]-[119].
The assessment of the CPS security performance and of its threats in the smart grid and the industrial control system can be carried out via continuous monitoring of the data in the CPS, assessing the efficiency and the state of the infrastructure. For the power electronics components used in power distribution in the smart grid and the industrial control system, a detailed analysis of the power consumed between the industrial and residential areas is performed [120].
For securing the CPS, three significant security requirements must be satisfied: availability, safety, and integrity, as illustrated in Fig. 12.
The 1st requisite in CPS security is availability, which comprises reliability, resiliency, and restoration. Since CPSs provide critical functions, they must operate without interruption. Thus, the implementation of the cyber and physical components must be synchronized to ensure continuous-time operation. In addition, in case an attack occurs in the system, the system must have sufficient resiliency and restoration capability to maintain its operational status, possibly at a degraded level of stability or security. Also, a balance is essential between the energy/power spent on the computation process and the energy/power consumed by the resources used for the actuation of the system. Moreover, for highly critical systems, patching is avoided, as patching requires restarting the system, and the patches may trigger other procedures that interfere with the system's operation. Since these systems' availability can compensate for the high risks of the vulnerabilities, they remain unpatched [121].
The 2nd requirement in CPS security is safety: for any CPS, the safety of each component is vital. The CPS has a smart, context-aware system that takes decisions acting on the state of the nearby physical environment and all its elements. The CPS should consider all the operating scenarios and account for all the decisions they may yield. For the power electronics in the smart grid applications, mechanisms must be employed to guarantee that the power will not be interrupted and that no over-voltage delivery can occur [122].
The 3rd requirement in CPS security is integrity: the integrity of price information is considered a serious issue. For example, negative prices injected by a hacker can cause an electricity consumption spike, as several devices would concurrently turn on to benefit from the low bill. Though the integrity of commands and meter data is vital, their effect is commonly restricted to revenue loss. Instead, software integrity is more serious, since malware or compromised software can control any grid component along with the device [123].
Both the cyber and the physical components should be secured. Indeed, they must be protected against environmental conditions and illegal interference. For the power electronics in the smart grid applications, all the outdoor equipment should be placed in a weatherproof housing. Moreover, protocols and policies must be enforced such that both the information and the operational facilities of the CPS are only accessed with adequate authorization. Similarly, the confidentiality of the sensitive information of the CPS physical components must also be protected. The significant feature in the security of the CPS is that cyber threats have a physical influence. Therefore, software security solutions alone are not enough against CPS threats. Hence, an inclusive methodology that considers both the cyber and the critical physical procedures of the CPS is needed [124]. There are two significant factors in analyzing a critical attack on the system: the attacker cost and the defender cost. The attacker cost comprises the knowledge and the resources required for mounting the attack. Meanwhile, the defender cost includes power outages, equipment damage, and economic losses [125].
VI. THE POWER ELECTRONICS APPLICATIONS CPS
SECURITY VULNERABILITIES
This section provides the main reasons for the vulnerabilities of the CPS security in the applications that include power electronics, e.g., the smart grid and the industrial control systems. Then, we present the cyber, CP, and physical vulnerabilities in the power electronic systems existing in networked smart grid and industrial control system applications. The CPS security vulnerabilities in the power electronics applications can be categorized into three types according to the CPS security aspect: the vulnerabilities in the cyber, in the CP, and in the physical domains [126]. The main reasons and vulnerabilities of power electronics in the smart grid and the industrial control systems are summarized in Table 4. The causes of these vulnerabilities are discussed in detail as follows:
A. THE VULNERABILITIES REASONS IN THE POWER
ELECTRONICS APPLICATIONS
A.1 ISOLATION ASSUMPTION
The main concern in designing a power electronic system is that it be reliable, secure, and operating in a safe mode; the system design was supposed to be isolated from the outside world and, thus, secure. Security was not important in the power electronic system, as the systems were thought to be isolated from the outside world and consequently considered secure. For instance, in the smart grid and the industrial control system, security depends on the supposition that systems are isolated from the outside world and that the control and monitoring operations are accomplished locally. Moreover, implantable medical instruments were initially designed to be isolated from other external interactions as well as networks. Indeed, this isolation supposition also exists in smart cars, as the electronic control units' intercommunication security depends on their isolation from adversaries. Recent improvements in CPS applications do not follow this isolation supposition; rather, more connectivity has been introduced. As more connectivity increases the number of access points to cars, more attack surfaces arise [127].
A.2 HETEROGENEITY
The CPS comprises various components, and each section of this system has its own security problems. For instance, a component can be manufactured, implemented, or specified by various entities, and finally integrated by the system deployers. Therefore, the CPS building components are integrated rather than designed. This integration invites the intrinsic vulnerabilities of each product. Moreover, the inside details of the integrated heterogeneous components are unidentified, and consequently, they may cause unanticipated behavior when they are put together. For instance, one step of the Stuxnet attack was to abuse the default password in the Siemens programmable logic controller to access a computer operating a Windows OS. More recently, the heterogeneous components' internal details are unidentified, and accordingly,
unexpected behavior can be produced when they are deployed. Actually, most of the bugs that led to successful attacks in smart cars, for instance, were found at the boundaries of interconnected components fabricated by various vendors, where improper assumptions interact [128].
A.3 COMPLEX CONNECTIVITY
The CPS has many connections, as manufacturers add various services that rely on wireless technologies and open networks. Both the smart grids and the industrial control systems are connected to the internet via control centers or business-associated networks. These connections are complex and can expose the system to serious attacks. Actually, most industrial control system attacks were internal until 2001; after that, most of the attacks originated from Internet-based sources. This is obviously because of the increased connectivity used in the industrial control system. Furthermore, for rapid incident response and ease of use, some instruments are connected directly to the Internet. Medical instruments can have wireless capabilities to ease monitoring and reconfiguration. Smart cars have more connectivity; thus, they are denoted as "connected cars." This connectedness depends on wireless communications, for example cellular, Bluetooth, satellite radio communications, and RFID [129].
B. THE CP VULNERABILITIES IN THE POWER
ELECTRONICS APPLICATIONS
The power electronic system CP security depends on protocols, e.g., Modbus, DNP3, and IEC 61850. These protocols' deficiencies can affect the power electronic system performance and framework [50]. Protocols that lack encryption can make the data susceptible to eavesdropping and severe attacks, or to the injection of false data due to the lack of authentication.
Other vulnerabilities in the power electronics applications arise from the use of smart meters, whose two-way communications contribute to various security concerns about the attacker's capabilities to exploit the interaction. If the smart meter has a backdoor, an attacker can abuse it to gain full control over the device [130].
C. THE CYBER VULNERABILITIES IN THE INDUSTRIAL
CONTROL SYSTEMS
C.1 INDUSTRIAL CONTROL SYSTEMS COMMUNICATION
VULNERABILITIES
The industrial control system depends on standard protocols like TCP/IP and ICCP, which makes the industrial control system insecure because those protocols are insecure. TCP/IP's vulnerabilities have been inspected in [131], [132], but this protocol still has security concerns, as it was not designed to be secure. Indeed, the remote procedure call (RPC) protocol has security vulnerabilities, and it contributed to the renowned Stuxnet attack [133]. Moreover, the ICCP protocol, which interconnects control centers, lacks significant security measures like authentication and encryption [134].
TABLE 4. Summary of CP vulnerabilities types and reasons in smart grid and industrial control systems

| Application | Vulnerabilities | Type | The Main Cause |
| --- | --- | --- | --- |
| Smart Grid | Communication protocols | Cyber | Connectivity or isolation assumption |
| Smart Grid | Customers' privacy attack | Cyber | Connectivity, isolation assumption, or heterogeneity |
| Smart Grid | Insecure protocols | CP | Connectivity or isolation assumption |
| Smart Grid | Equipment physical stoppage | Physical | Isolation assumption |
| Smart Grid | Software | Cyber | Connectivity, isolation assumption, or heterogeneity |
| Smart Grid | Insecure smart meters | CP | Connectivity, isolation assumption, or heterogeneity |
| Smart Grid | Interconnected field instruments | CP | Connectivity, isolation assumption, or heterogeneity |
| Industrial Control Systems | Wired communications | Cyber | Isolation assumption or heterogeneity |
| Industrial Control Systems | Web-based attacks | Cyber | Connectivity or heterogeneity |
| Industrial Control Systems | Software | CP | Connectivity or heterogeneity |
| Industrial Control Systems | Equipment physical stoppage | Physical | Isolation assumption |
| Industrial Control Systems | Open communication protocols | Cyber | Isolation assumption or openness |
| Industrial Control Systems | Insecure secondary access points | CP | Connectivity or isolation assumption |
| Industrial Control Systems | Insecure protocols | CP | Connectivity or isolation assumption |
The wired communications comprise fiber-optic and Ethernet links. Ethernet can be employed in the substations' local area networks. Ethernet can be exposed to interception and man-in-the-middle (MITM) attacks, as all communication on an Ethernet segment shares the same medium.
The attacker can carry out the MITM attack by intercepting the communication packet and altering its contents, or by forcing a sensor node to transmit incorrect data [135].
C.2 INDUSTRIAL CONTROL SYSTEMS SOFTWARE
VULNERABILITIES
The most prevalent web-related vulnerability in the industrial control system software is SQL injection, in which attackers can access the databases' records without any authorization [136]. These databases are linked directly or indirectly to the industrial control system and contain secret data, e.g., users' information or historical data. Moreover, electronic mail can serve as a vector for malware dispersal into the network.
Furthermore, the deceivers can attack the network via the computers connected to the industrial control system. Consequently, both the industrial control system and the network as a whole can be at risk. Indeed, the vulnerabilities also include the devices connected to the internet, such as employees' laptops and smartphones, which can be exploited to perform malicious activities that affect the operation of the targeted control devices [137].
D. THE CYBER VULNERABILITIES IN THE SMART GRID
D.1 SMART GRID COMMUNICATION VULNERABILITIES
The smart grid information infrastructure relies on internet protocols with familiar vulnerabilities that are used in launching attacks on the grid. TCP/IP is employed for the general-purpose connection to the internet and is not meant for connecting to the control centers; nevertheless, internet-facing networks become directly or indirectly connected to the smart grid because of network misconfiguration [138]. Moreover, the ICCP protocol for data exchange between control centers has serious buffer overflow vulnerabilities [139].
D.2 SMART GRID SOFTWARE VULNERABILITIES
In the networked smart grid, the smart meters can be easily attacked, as they are remotely upgraded. The attacker can cause a blackout by controlling the meters, either individually or from the control center. These vulnerabilities can be exploited via a software bug. The grid constituents can be accessible and provide a potential access point for malicious hackers [140].
D.3 SMART GRID PRIVACY VULNERABILITIES
This vulnerability has emerged as a consequence of the two-way communications between the smart meters placed at the customers' houses and the utility companies. Hackers can intercept the enormous amount of traffic produced by smart meters and infer private information about the customers [141]. The type of information hackers can be interested in includes, e.g., regular habits and the residents' absence/presence.
E. SMART GRID PHYSICAL VULNERABILITIES
The smart grids' field instruments are placed in insecure environments. Thus, numerous physical components are highly exposed without physical security, and therefore vulnerable to direct physical damage. For instance, the power lines can be susceptible to accidental, malicious, and natural damage. Moreover, smart meters attached to houses, buildings, and remote areas are an easy target for numerous physical attacks. It is even infeasible to attain sufficient physical protection of real assets in smart grids. Thus, it is necessary to develop detection and prevention solutions [142].
VII. CP VULNERABILITIES IN SMART GRID
A. THE VULNERABILITIES IN SMART GRID
COMMUNICATION
The infrastructure of the power system in the smart grids depends on protocols such as Modbus and DNP3. Moreover, IEC 61850 has also been introduced lately as an enhancement of these protocols for the substations' communications. The shortage of security features in these protocols has several effects on the smart grids' situation. For instance, protocols without encryption leave the data in transit vulnerable to eavesdropping, which results in various attacks, e.g., injection of false data because of the lack of authentication [143] or inference of customers' usage patterns [144]. Indeed, it is also conceivable to inject false data, resulting in decisions based on false information [145], or to inject the network with false packets that aim to flood it, resulting in a DoS attack.
The smart grids comprise heterogeneous components run by diverse entities. For instance, a generation plant of a grid interacts with a transmission plant, and the transmission plant can interact with the distribution plant. Finally, the distribution conveys electricity to customers. Each kind of interface is regularly administered and run by various companies, which introduces vulnerabilities in communication and collaboration [146], [147].
B. SMART GRID VULNERABILITIES WITH SMART METERS
Smart meters depend on two communication methods, which contribute several new security prospects regarding an attacker's ability to abuse such interaction [148]. For instance, the smart meter can have a backdoor that the attacker may exploit to gain full control of the device. Aside from the customers' accounts with restricted capabilities employed for elementary configuration, this login account can give the attacker full control over the smart meter. Furthermore, the communication can be transmitted via telnet, which is known for major security weaknesses, such as sending data in clear text without encryption.
In case complete control of the smart meter is obtained, three possible attacks may arise:
1) Power disturbance, either directly, via malicious connections with supplementary devices to alter their desired power consumption, or indirectly, via injecting false information, as the control center can receive false data and make incorrect decisions.
2) Employing the meter as a "bot" for launching attacks against other smart meters or systems in the smart grid network.
3) The meter's collected data can be tampered with so that the bill reveals false data, minimizing the bill to the consumer [149].
VIII. ANALYSIS AND IMPACT OF CYBER-ATTACKS
VULNERABILITY ON CONTROLLING THE VOLTAGE
SOURCE CONVERTERS
A. CYBER-SECURITY
As communication technologies are fast spreading, the
disturbances on the cyber components are becoming a reality.
These disturbances can considerably affect the performance of
the smart grid. Indeed, due to the increased penetration of
voltage source converters in the smart grids, their serious effect on the system, as they can be easily attacked, cannot be ignored. This makes researchers concentrate on designing safe control approaches besides conventional encryption-based methods. In general, spoofing attacks can be mounted on communication links and sensors, where the signals are either quantized, interrupted, or tampered with. The spoofing attack types include caller ID spoofing, website spoofing, email spoofing, IP spoofing, GPS spoofing, and text message spoofing. These spoofing attacks occur when the attacker or the malicious program effectively acts on another person's (or program's) behalf by mimicking the data. Moreover, the attacker can pretend to be someone else or another computer, device, etc. In the IP address spoofing attack, the attacker sends IP packets from a spoofed source address to disguise itself. DoS attacks often employ IP spoofing to overload networks and devices with packets that seem to come from legitimate source IP addresses. FDI attacks are carried out by injecting auxiliary signals or altering the measurement content conveyed by the sensors [150]. Meanwhile, the MITM attack occurs in the communication links [151]. Signal jamming, which may interrupt the transmission of the signals, is known as a DoS attack [152].
The cyber-attacks can be performed on load aggregators, smart meters, and sensors in an active distribution network to degrade the power flow management, voltage stability, frequency-regulation-based ancillary services, etc. In addition, any adversarial intrusion into the cyber channels via numerous methods, e.g., changing the communicated measurements, jamming the information flow, and disabling cyber links, can cause a system shutdown. The covertness of these attacks relies on several factors, e.g., the attacker's ability to penetrate the system's particulars and the degree of system information gathered by the hacker.
The control layers can be implemented in real-time processors. An intrusion into the control layer only permits access to the commanded set-points (frequency, DC-link voltage) during run-time, rather than to the inner control layers [153].
The inner loops can be compiled into the processor's read-only memory; thus, a disturbance of the sensor values cannot mislead the system operation. The system dynamics can fluctuate when the references are altered, activating the protection layer or triggering instability. This can be described mathematically by employing the state-space representation of the ith voltage source converter:

$$
\begin{aligned}
\frac{dX_i}{dt} &= A_i X_i(t) + B_i U_i(t) \\
Y_i(t) &= C_i X_i(t) + D_i U_i(t)
\end{aligned}
\qquad (3)
$$

for $i \in n$, where $X_i = [V_G, I_G, P, Q, V_{DC}]^T$ and $U = [\omega^*, V_{DC}^*, P^*, Q^*, E^*]^T$, with the state parameters represented by the grid voltage, grid current, active power, reactive power, and DC-link voltage, respectively, and the input comprising the frequency command, DC-link voltage command, active power command, reactive power command, and inverter voltage command of the ith voltage source converter, respectively. Indeed, $X \in \mathbb{R}^n$, $Y \in \mathbb{R}^p$, $U \in \mathbb{R}^m$, $A \in \mathbb{R}^{n \times n}$, $B \in \mathbb{R}^{n \times m}$, $C \in \mathbb{R}^{p \times n}$, and $D \in \mathbb{R}^{p \times m}$.
For simplification, the output variable as well as each state can be individually compromised by the deceiver. The attack signal $\xi_i(t) \in \mathbb{R}^{n+p}$ depends entirely on the strategy of the attack. In case $\xi = [\xi_1, \xi_2, \dots, \xi_{n+p}]^T$ is a null vector, the response of the system is unbiased. For detecting the existence of the cyber-attack element, a residual signal $R \in \mathbb{R}^p$ with the test $R \neq 0$ can be followed. The residual is not considered a design parameter, as it relies on the attacker's intent [154].
Remark 1: The attack signal's nature and magnitude can be bounded or unbounded and are entirely reliant on the attacker's intention. Though the design of corrective control measures to guarantee a resilient system is always performed, the nature of the attack remains unknown beforehand.
The attacks can be detected by employing a centralized attack detection filter using a modified Luenberger observer. Thus, the estimated dynamics of the ith voltage source converter with known initial states $X_i(0)$ are defined by (4):

$$
\begin{aligned}
\frac{d\hat{X}_i}{dt} &= (A_i + G_i C_i)\hat{X}_i(t) - G_i Y_i(t) \\
R_i(t) &= C_i \hat{X}_i(t) - Y_i(t)
\end{aligned}
\qquad (4)
$$

where $\hat{X}_i(t)$ represents the estimated state. Indeed, $\hat{X}_i(0) = X_i(0)$, and the output injection matrix $G \in \mathbb{R}^{n \times p}$ is such that $(A + GC)$ is Hurwitz.
Remark 2: $R_i(t) \leq \varepsilon_R$ if and only if $\xi_i(t) = 0$ for $t \geq 0$, where $\varepsilon_R$ is an inconsiderable value.
The physical disturbances, e.g., faults, load changes, and line outages, always satisfy Remark 2, as the model dynamics remain unchanged when unbiased measurements are employed during these disturbances. Instead, the inner control loops are robust against cyber-attacks, as each works with a tracking objective for its state. The inner control loop is fully protected against cyber-attacks only when the outer control loop is unattacked [155].
The artificial dynamics produced by the attack element are nullified in (3) if (5) is fulfilled:

$$
\sum_{i=1}^{n} \xi_i = 0 \qquad (5)
$$

Indeed, the attacks in the attack set can be classified as unidentified by the monitors if and only if there exists $X \in \mathbb{R}^n$ such that

$$
\begin{bmatrix} sI - A \\ C \end{bmatrix} X + \begin{bmatrix} o \\ o \end{bmatrix} = 0 .
$$

These attacks are generally designated as coordinated attacks, as they efficiently bypass the attack filters illustrated in (4).
Via employing (5), the control inputs can either be manipulated in the communication links or the controller
through an external entity. Due to the strict coupling between the cyber and control layers, the exposure to cyber-attacks intensifies for an interconnected system of voltage source converters. Due to the increase in attack-vulnerable points, the ancillary support provided by the connected voltage source converters can be easily misled, causing system collapse. These outcomes ultimately cause techno-economic disasters by defaming the electric network with FDI attack vectors into the CP layer [156].
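As an added example, not code from the reviewed paper, the residual test of (4) and Remark 2 run on a constructed 2-state surrogate plant: a physical load step leaves the residual at zero, while an FDI bias on one sensor pushes it above the threshold at the injection instant. The observer keeps the known-input term $B_i U_i$ of the standard Luenberger form, which the paper's (4) omits; the plant matrices, gain, threshold, and step size are assumptions.

```python
"""Residual-based detection of a sensor false-data-injection (FDI) attack,
following the observer-and-residual scheme of (3)-(4) and Remark 2.

Added example, not the paper's code. Assumptions (all constructed):
- a 2-state LTI surrogate stands in for the VSC state vector X_i;
- the observer keeps the known-input term B*U of the standard Luenberger
  form, so physical input changes (load/reference steps) leave the residual
  unchanged while additive sensor bias does not;
- plant and observer are integrated with forward Euler at a fixed step.
"""
from typing import Callable, List, Optional

# Surrogate plant: A is stable (double eigenvalue at -1.5), one input,
# both states measured (C = I, so p = n = 2).
A = [[-1.0, 0.5],
     [-0.5, -2.0]]
B = [[1.0],
     [0.0]]
C = [[1.0, 0.0],
     [0.0, 1.0]]
# Output-injection gain G chosen so that A + G*C = A - 2I is Hurwitz
# (its double eigenvalue sits at -3.5).
G = [[-2.0, 0.0],
     [0.0, -2.0]]

DT = 0.01      # integration step [s]
EPS_R = 0.05   # residual threshold: the "inconsiderable value" of Remark 2


def mat_vec(m: List[List[float]], v: List[float]) -> List[float]:
    return [sum(m[r][c] * v[c] for c in range(len(v))) for r in range(len(m))]


def vec_add(a: List[float], b: List[float]) -> List[float]:
    return [x + y for x, y in zip(a, b)]


def vec_sub(a: List[float], b: List[float]) -> List[float]:
    return [x - y for x, y in zip(a, b)]


def vec_scale(a: List[float], s: float) -> List[float]:
    return [x * s for x in a]


def norm(a: List[float]) -> float:
    return sum(x * x for x in a) ** 0.5


def simulate(steps: int,
             u_of_t: Callable[[float], List[float]],
             attack_of_t: Callable[[float], List[float]]) -> List[float]:
    """Run plant (3) and observer (4) side by side from X_hat(0) = X(0) and
    return ||R(t)|| = ||C*X_hat(t) - Y(t)|| at every step.

    attack_of_t(t) is the additive sensor bias xi(t) (length p); a zero
    vector means no attack. The true state is never touched by xi.
    """
    x = [0.0, 0.0]
    x_hat = list(x)
    residuals: List[float] = []
    for k in range(steps):
        t = k * DT
        u = u_of_t(t)
        xi = attack_of_t(t)
        y = vec_add(mat_vec(C, x), xi)          # attacked measurement Y = C*X + xi
        r = vec_sub(mat_vec(C, x_hat), y)       # residual per (4): R = C*X_hat - Y
        residuals.append(norm(r))
        # Plant (3): dX/dt = A*X + B*U
        dx = vec_add(mat_vec(A, x), mat_vec(B, u))
        # Observer (4) with known input: dX_hat/dt = A*X_hat + B*U + G*R,
        # which is (A + G*C)*X_hat - G*Y + B*U.
        dxh = vec_add(vec_add(mat_vec(A, x_hat), mat_vec(B, u)), mat_vec(G, r))
        x = vec_add(x, vec_scale(dx, DT))
        x_hat = vec_add(x_hat, vec_scale(dxh, DT))
    return residuals


def first_alarm(residuals: List[float], eps: float = EPS_R) -> Optional[int]:
    """Index of the first step at which the test ||R|| > eps fires, else None."""
    for k, r in enumerate(residuals):
        if r > eps:
            return k
    return None


def load_step(t: float) -> List[float]:
    """Physical disturbance (constructed): commanded input steps up at t = 2 s."""
    return [1.5] if t >= 2.0 else [1.0]


def no_attack(t: float) -> List[float]:
    return [0.0, 0.0]


def sensor_bias_attack(t: float) -> List[float]:
    """FDI (constructed): +0.5 bias on the first measured state from t = 4 s."""
    return [0.5, 0.0] if t >= 4.0 else [0.0, 0.0]


def scenario_disturbance_only() -> Optional[int]:
    return first_alarm(simulate(600, load_step, no_attack))


def scenario_fdi() -> Optional[int]:
    return first_alarm(simulate(600, load_step, sensor_bias_attack))


if __name__ == "__main__":
    print("load step only  -> alarm step:", scenario_disturbance_only())  # None
    print("load step + FDI -> alarm step:", scenario_fdi())              # 400 (t = 4.0 s)
```

After the bias settles, the residual does not return to zero but converges to the steady state of the error dynamics $(A+GC)e - G\xi$, so a constant FDI stays visible for as long as it is applied.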
B. VULNERABILITY ANALYSIS OF CYBER-ATTACKS ON
THE CONTROL OF VOLTAGE SOURCE CONVERTERS
1) Grid-forming control for voltage source converters: Fig. 13 depicts the traditional control structure for the grid-forming voltage source converters. The black and blue lines in Fig. 13 signify the communication layer and the attack elements injected into the communication link/sensors, respectively. The grid-forming voltage source converters can regulate the frequency as well as the voltage locally. For synchronization with other AC sources, a primary droop control needs to be aligned locally by employing the available measurements. This structure is significantly safe from the cyber-space aspect, as the attackers cannot access the physical layer. Furthermore, beamforming is widely employed as a suitable physical-layer security [157]. However, the decentralized control strategies suffer from an operational perspective in matching the commercial and regulatory standards [158]. This disadvantage has been solved by employing a secondary controller that uses the information from other voltage source converters. The centralized or distributed secondary control strategies can be imposed on the primary control law for offset compensation. However, this creates a large vulnerable space for the hackers to place the attacked data either into the controller, the communication link, or the sensors. The common intrusion techniques for manipulating each component are discussed below:
Sensors: The sensors' data can be manipulated via the adversary's penetration into the control platform. This penetration is simply accomplished via a Trojan horse [159], in which the remote systems are employed as hosts. From the acquisition panel, the sensor output is usually within 15 V. For calibrating it against the real measurement, acquisition gains using a linear scaling are utilized. The attacker usually tries to alter the acquisition gains to create a bias in the reported measurements.
Communication Links: Communicated data is handled either inside the communication stage, comprising a decoder/router/encoder, or in the controller. There are numerous ways in which the transmitted data can be manipulated, e.g., replaying transmitted information from the past, disrupting the transmission of signals, authorization violation, illegal opening of information logs, etc.
Controller: The controller can be illegally accessed by employing a Trojan horse to alter the reference inputs used in the secondary controller for controlling the voltage source converters or the outer control loop.
2) Grid-feeding and supporting control for voltage source converters: For the voltage source converters, the grid-feeding control is used for injecting active/reactive power into the grid-forming units. This strategy is widely employed in grid-connected applications to integrate renewable energy sources [160]. By adding the desired control inputs to the overlaying grid-forming controller, the supportive grid services can be enhanced, as depicted in Fig. 13.
The commanded DC-link voltage $V_{DC}^*$ or the DC-link voltage measured by the sensor, $V_{DC}$, are generally vulnerable to cyber-attacks, as the attacker can either increase or limit the power flow from the voltage source converters, thus creating a coordination/stability problem in the network. Furthermore, the outputs of the grid-supportive service, $Q_{Gss}$ and $P_{Gss}$, can also be corrupted with false data for misleading the controlled units.
Table 5 summarizes the vulnerable points of attack in the grid-feeding and grid-forming voltage source converter control. It is clear that the references or the measurement signals, signified as $X_j$, can be transmitted by supplementary units to the upper-level control, whether for secondary control objectives or for grid-supportive services [161].
IX. THE CPS ATTACKS MITIGATION
Once the signs of an attack have been confirmed, the system operator carries out mitigation efforts to reduce the damage and the potential disruptions. When the attack has been cleared from the system, the existing restoration and mitigation mechanisms can resume safe and consistent power system operation. If the threat is not detected, however, the operator must account for malicious activity persisting in the system. In such interactive scenarios, mitigation approaches are generally modeled and solved via bi-level optimization or game-theoretic approaches [162]. Common CPS controls, smart grid cyber controls, smart grid CP controls, and defense mechanisms are discussed in detail below.
A. COMMON CPS CONTROLS
By addressing the causes of a vulnerability, a proper solution can be applied to mitigate severe attacks, as discussed below:
1) Controls for added connectivity: New security concerns must be addressed to safeguard each access point from illegitimate access. The communication protocols used to realize this connectivity are either proprietary protocols, e.g., DNP3 and Modbus in deployed smart grids, or open protocols, e.g., TCP/IP. The proprietary protocols carry various vulnerabilities because they were designed under the assumption of an isolated network [163].
[Figure 13 (block diagram, not reproduced): a grid-supportive voltage source converter connected to the grid through an LCL filter (Lf, Cf, LfG, LG). Control blocks: PLL, abc/αβ transforms, PQ calculation, P loop, Q loop, VDC loop, reference generation, current loop, PWM, AD. Signals: VDC*, VDC, IGa, IGb, IGc, IGα*, IGβ*, θG, φ, P, Q, PGss, QGss; cyber-attack injection points are marked on the communication link and sensors.]
FIGURE 13. The P-Q control of a grid-supportive voltage source converter: the black and blue lines signify the communication layer and the attack elements injected into the communication link/sensors, respectively.
TABLE 5. The vulnerable points in the control stages of different voltage source converter types

| Converter type  | Current Control | Outer Control | Secondary Controller | Grid-supportive Services |
|-----------------|-----------------|---------------|----------------------|--------------------------|
| Grid-forming    | x | Q*, P*     | MITM attack on Vj, ωj (j: the communicated measurements); DoS/FDI on (Vi, ωi, Psec, Qsec) (sec: the secondary controller) | x |
| Grid-feeding    | x | VDC*, VDC  | x | x |
| Grid-supporting | x | x          | x | PGss, ω*, QGss, E* |
2) Communication Controls: Security solutions at the communication level of the smart grid must account for the differences from conventional IT solutions. For instance, an intrusion detection system (IDS) must be time-critical, since long delays are unacceptable [164].
3) Device Verification: CPS components that run software need to verify the authenticity of that software; such verification can effectively minimize malware. Hardware-based solutions such as the trusted platform module (TPM), for instance, provide code attestation.
However, a TPM is assumed to be physically secure, which is impractical to guarantee in smart grid CPS applications. Moreover, the TPM adds computational overhead to resource-constrained CPS applications. Hence, an emerging generation of TPMs that accounts for the restricted CPS resources is required [165].
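Code attestation as described above rests on a simple mechanism: each firmware stage is hashed before it runs, every hash is folded into a platform configuration register with the TPM-style extend operation (new = H(old || measurement)), and a verifier compares the final register value against the value expected for known-good images. The following is an added example for this review, not code from the paper or from a TPM vendor; it models only the measurement and verification arithmetic, with no TPM hardware, signed quote, or key handling. The stage names, image bytes, and golden hashes are all constructed.

```python
import hashlib

# Constructed firmware images for a converter controller. GOLDEN holds the
# reference measurements a verifier would normally take from the vendor's
# signed manifest; here they are derived from the constructed images.
IMAGES = {
    "bootloader":  b"bootloader v1.2 (constructed image bytes)",
    "rtos":        b"rtos v4.0 (constructed image bytes)",
    "control_app": b"vsc control app v7.3 (constructed image bytes)",
}
STAGES = ["bootloader", "rtos", "control_app"]     # boot order matters
GOLDEN = {s: hashlib.sha256(img).hexdigest() for s, img in IMAGES.items()}
PCR_INIT = b"\x00" * 32


def measure(image: bytes) -> str:
    """Measurement of one stage: SHA-256 over the full image."""
    return hashlib.sha256(image).hexdigest()


def extend(pcr: bytes, measurement_hex: str) -> bytes:
    """PCR extend: H(old_pcr || measurement). Order-dependent and one-way,
    so a stage cannot be dropped, reordered or substituted unnoticed."""
    return hashlib.sha256(pcr + bytes.fromhex(measurement_hex)).digest()


def expected_pcr(golden=GOLDEN) -> bytes:
    """Register value the verifier expects for a clean boot chain."""
    pcr = PCR_INIT
    for stage in STAGES:
        pcr = extend(pcr, golden[stage])
    return pcr


def attest(images: dict, golden=GOLDEN):
    """Replay the boot chain over the given images and verify it.
    Returns (ok, first_deviating_stage_or_None, final_pcr)."""
    pcr = PCR_INIT
    first_bad = None
    for stage in STAGES:
        m = measure(images[stage])
        if first_bad is None and m != golden[stage]:
            first_bad = stage            # the event log pinpoints the stage
        pcr = extend(pcr, m)
    return pcr == expected_pcr(golden), first_bad, pcr


def run_demo():
    """Clean chain versus a chain whose control application was modified."""
    clean = attest(IMAGES)
    modified = dict(IMAGES, control_app=IMAGES["control_app"] + b"\x90")
    return clean[:2], attest(modified)[:2]
```

The final register value alone tells the verifier only that something differs; keeping the per-stage measurement log alongside it, as the example does, is what identifies which component changed. The paper's two caveats still apply: the register is only trustworthy if the measuring hardware is physically protected, and hashing every image at boot costs time on constrained controllers.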
B. SMART GRID CYBER CONTROLS
a) DoS controls: Attacks on the communication components should be prevented and easily detected. DoS attack prevention is generally accomplished by reconfiguring the network architecture, rate-limiting, and filtering malicious packets. DoS and communication component attacks can occur in smart grids, although the DoS attack is difficult because of its comparatively static nature. Physical layer techniques are used to prevent attacks of the wireless jamming type. DoS detection methods, in turn, can be classified into four types: 1) hybrid detection; 2) proactive detection; 3) packet-based detection; and 4) signal-based detection techniques [166].
b) Privacy-protective controls: A lack of confidentiality in data aggregation protocols (DAPs) can enable privacy attacks on consumers' information, e.g., energy use patterns and billing information [167], while a lack of integrity disturbs the consumption reports and state estimation [168]. Consequently, various privacy-preserving methods have emerged to provide aggregated data with integrity and confidentiality in transit between control centers and smart meters [169]. Another privacy issue that can affect safety or finances is the ability to infer whether a house is unoccupied, which could be exploited for break-ins. Chen et al. in [170] introduced a combined privacy and heating mechanism that makes the power consumption data always look as if the house is occupied, thus defeating occupancy detection methods.
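Two of the DoS controls named above, rate-limiting and packet-based detection, can be shown on a single constructed packet log. The following is an added example for this review, not code from the paper or from [166]: a sliding-window counter that flags a source exceeding a packet budget within a one-second window (packet-based detection), and a per-source token bucket that enforces a sustained rate plus a burst allowance (rate-limiting). The addresses and timestamps are constructed; the one real constant is 20000, the default DNP3/TCP port, used only to label the traffic.

```python
from collections import defaultdict, deque

DNP3_PORT = 20000   # default DNP3/TCP port, used only to label the sample traffic


def constructed_log():
    """Constructed packet log as (time_s, source, dst_port), sorted by time:
    a benign poller at one request per 2 s and a 300-packet burst inside 1 s."""
    pkts = [(i * 2.0, "10.0.1.7", DNP3_PORT) for i in range(5)]
    pkts += [(3.0 + i / 300, "10.0.1.5", DNP3_PORT) for i in range(300)]
    return sorted(pkts)


def detect_floods(packets, window_s=1.0, limit=50):
    """Packet-based detection: flag a source once more than `limit` packets
    from it fall inside any sliding window of `window_s` seconds.
    Returns {source: time_first_flagged}."""
    recent = defaultdict(deque)
    flagged = {}
    for t, src, _port in packets:
        q = recent[src]
        q.append(t)
        while q and t - q[0] > window_s:      # drop timestamps outside the window
            q.popleft()
        if len(q) > limit and src not in flagged:
            flagged[src] = t
    return flagged


def rate_limit(packets, rate_pps=20.0, burst=20):
    """Rate-limiting: per-source token bucket refilled at `rate_pps`, holding
    at most `burst` tokens; a packet is forwarded only if a token is available.
    Returns {source: (allowed, dropped)}."""
    tokens, last = {}, {}
    counts = defaultdict(lambda: [0, 0])
    for t, src, _port in packets:
        tok = tokens.get(src, float(burst))
        tok = min(float(burst), tok + rate_pps * (t - last.get(src, t)))
        if tok >= 1.0:
            tok -= 1.0
            counts[src][0] += 1                # forwarded
        else:
            counts[src][1] += 1                # dropped
        tokens[src], last[src] = tok, t
    return {s: tuple(c) for s, c in counts.items()}
```

The window detector is what an IDS would run; the token bucket is what a field gateway or firewall enforces in line. The thresholds used here (50 packets per second to flag, 20 packets per second sustained) are illustrative and must be tuned to the polling rate of the real SCADA master, since the paper's time-critical requirement means a limit set too low delays legitimate control traffic.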
c) FDI controls: Yang et al. in [171] introduced a polynomial-based, compromise-resilient en-route filtering
approach. It is designed to prevent FDI attacks by filtering out the false data successfully while achieving high resilience to the number of compromised nodes, without depending on node localization or static routes.
d) Standardization: Several bodies, e.g., the National Institute of Standards and Technology (NIST) and the IEC, have established sets of standards for safeguarding smart grid communications. For instance, the IEC has established the 61850 standards and the work of TC57 [172]. Meanwhile, NIST has published recommendations for smart grids in report 7628 [173].
C. SMART GRID CP CONTROLS
a) IDS: The IDS for smart grids remains an open problem that is not yet fully developed. Designing an IDS for smart grids is a complicated task because of the vast size of the grids and the heterogeneity of their components [174]. Furthermore, an IDS built for conventional IT systems will not necessarily work for smart grids; IDSs are therefore designed specifically for smart grids to minimize false detection rates. G. Pu et al. in [175] introduced an anomaly-based IDS that detects malicious actions using artificial ants combined with Bayesian reasoning. H. Hindy et al. in [176] introduced a behavior-rule-based IDS for attack detection on CP devices in smart grids, e.g., subscriber energy meters, headends, and DAPs [177]. Y. Peng et al. in [178] presented an IDS for detecting bad data injection attacks aimed at smart grids; their technique combines detection methods from conventional IDS with physical models. M. Eskandari et al. in [179] introduced another IDS based on two detection methods: 1) watermarking and 2) anomaly detection.
b) Low-level authentication and authorization: A common obstacle in smart grids is the authorization and authentication of users who access low-level layers, e.g., field devices. Often, all field devices share the same password, which is known to the employees. This makes the nonrepudiation security requirement infeasible: a malicious employee can gain access to a field device and make unwanted alterations to the system without it being traceable who did it. T. Dimitriou et al. in [180] therefore introduced an authorization and authentication mechanism that gives legitimate employees the ability to access the field devices in smart grids' substation automation systems. The technique relies on elliptic curve cryptography because of its low computation and key size requirements compared with earlier public key methods.
c) Emerging designs: New security issues require numerous aspects of smart grids to be approached differently, taking the CP nature of the system into consideration. P. S. P. Pessim et al. in [181] presented CP security, a technique that combines cyber-security controls with systems-theoretic ones. They gave two examples showing the applicability of their approach to two attacks on smart grids: 1) stealthy deception and 2) replay attack, and they confirmed the need to take both types of components, physical and cyber, into account for smart grids.
d) Security extensions: Adding security to existing smart grid components is an emerging trend. Protocols such as IEC 61850, DNP3, and IEC 62351 are extended to capture security properties. For instance, secure DNP3 is an extension of DNP3 with basic confidentiality, integrity, and authentication services. The security features are added by interleaving a security layer into these protocols' communication stacks [182].
e) Smart meters' deactivation inhibition: To counter remote attackers who could exploit the remote deactivation of smart meters, A. S. Sani et al. in [183] proposed programming smart meters to notify customers sufficiently far in advance before a deactivation command takes effect and switches the meter off. This measure allows early detection of DoS attempts before they take effect.
D. DEFENSE MECHANISMS
Attacks have been investigated in numerous applications that rely heavily on power electronic converters: distribution systems with solar farms [184], smart grid components with voltage support devices [185], power-electronics-driven HVAC (heating, ventilation, and air conditioning) systems [186], and microgrids [187], [188]. These studies generally concentrate on detecting or analyzing cyber-attacks that affect grid functionality, stability, and operating costs. Quick detection and identification of cyber-attacks is crucial for the reliable and safe operation of the smart grid. Attacks can be averted through a defense-in-depth pattern that detects, prevents, and safeguards the system against them.
Defense techniques use mechanisms that block the attack from succeeding, so as to limit its influence on the power electronic systems. They include encryption and secure communication protocols, which are the first line of defense against cyber-attacks; circuit breakers and relays are considered defense devices that can prevent severe faults [189].
The defense against CP attacks in the power electronic system can be categorized into three groups:
Detection: detection techniques are used when the defense methods fail to thwart the disturbance; they use models of anomalous behavior together with the system measurements to recognize abnormalities. Detection can also be performed by adding sensors to identify attacks faster, or by adding extra layers of security to the elements exposed to attack. Detection techniques can detect the occurrence of an undesirable system state, an actual cyber-attack, or both. Additionally, reaction techniques can be employed to recover the system from the disturbance and control the power electronics system operation effectively [190].
Prevention: prevention refers to the security approaches that avert attacks by employing authentication, security policies, access controls, and network segmentation.
Since the attacker is intelligent and can respond to the prevention action, the interaction between the defender and the attacker is modeled via game theory.
Response: since the power electronic CPS has real-time constraints, the security approach needs to act automatically, without human intervention, for rapid attack mitigation. Actions executed after a detected attack are reactive responses that aim to restore the power electronic system and mitigate the attack's influence. After an attack is detected, a mechanism is updated and modified automatically to counteract it [191].
Comprehensive research has been conducted on achieving smart grid security by detecting and identifying cyber threats and protecting the smart grid from attackers, as summarized in Table 6 and discussed in detail below:
TABLE 6. The CPS defense mechanisms in the smart grid

| Technique | For Detecting | Reference |
|-----------|---------------|-----------|
| The distributed multi-agent approach | Cyber threats | [192] |
| Maximum likelihood (ML) estimation approach | Cyber-attack, FDI attacks | [193] |
| Model-free reinforcement learning for POMDPs | Cyber-attacks | [194] |
| Unsupervised anomaly detection technique according to the statistical correlation between measurements | Distinguishing the real fault from the disturbance | [195], [196] |
| Supervised machine learning along with a model-based logic | Evaluating the type of activity, e.g., normal, perturbation, attack and perturbation-and-attack | [197] |
| The interval state estimation-based defense | Sparse cyber-attacks | [198] |
| Wavelet singular values as input index of deep learning approach | FDI attack detection | [199] |
| Unsupervised machine learning-based approach | CDIA in the communications networks | [200] |
| An enhanced online RL approach entitled nearest sequence memory Q-learning approach | FDI attacks | [201] |
| The deep reinforcement learning | Cyber-attacks | [202] |
| Cognitive dynamic system | FDI attacks | [204], [205] |
In [192], a distributed multi-agent approach was developed for identifying and detecting cyber threats on smart grid protection systems. The agent-based intrusion detection system uses relay status logs, synchrophasor data, and network event monitor logs to identify events precisely. The agent-based approach successfully discriminated attacks from faults, and the agents used the information available to them to continue operating in case of communication failure. In addition, the results provided a platform for implementing the proposed approach on the relay infrastructure, which is an effective tool for detecting and countering probable cyber threats.
In [193], a rapid decentralized technique for detecting cyber-attacks using maximum likelihood (ML) estimation was proposed; it exploits the near-chordal sparsity of the smart grid to establish an efficient framework for solving the associated ML estimation problem by applying the Kron reduction to the Markov graph of phase angles. The detection is then decomposed into numerous local ML estimation problems to guarantee privacy and to reduce the complexity of the underlying problem. Simulation results validated the efficacy of the proposed technique in detecting realistic, complex, stealthy FDI attacks.
In [194], the online attack/anomaly detection problem was formulated as a partially observable Markov decision process (POMDP), and a universal, robust online detection algorithm was proposed using the framework of model-free reinforcement learning (RL) for POMDPs. The numerical results confirmed the effectiveness of the proposed RL-based technique in the timely and precise detection of cyber-attacks targeting the smart grid.
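The estimation-based detectors surveyed in this subsection start from the classical weighted-least-squares (WLS) state estimator and its residual test, which is also the baseline that "stealthy" FDI attacks are defined against: an injection that is consistent with the network model leaves the residual unchanged and is missed, which is why the works above go beyond it. As an added example for this review (not code from the paper or from [193]), the block below builds a constructed three-bus DC power flow model, estimates the bus angles from five measurements, applies the chi-square test on the weighted residual sum, and, when it fires, points to the measurement with the largest normalized residual. The network data, noise level, and the biased P12 reading are constructed; the chi-square threshold 7.815 is the standard 5 % critical value for 3 degrees of freedom.

```python
import math

# Constructed 3-bus DC network. Bus 1 is the angle reference, so the state
# is x = [theta2, theta3] in rad. Reactances x12 = 0.1, x13 = 0.2, x23 = 0.1 p.u.
# Measurement rows (p.u.): P12, P13, P23, injection P2, injection P3.
H = [
    [-10.0,   0.0],   # P12 = (theta1 - theta2) / x12
    [  0.0,  -5.0],   # P13 = (theta1 - theta3) / x13
    [ 10.0, -10.0],   # P23 = (theta2 - theta3) / x23
    [ 20.0, -10.0],   # P2  = P21 + P23
    [-10.0,  15.0],   # P3  = P31 + P32
]
SIGMA = 0.01            # constructed meter noise standard deviation (p.u.)
CHI2_THRESHOLD = 7.815  # chi-square, m - n = 5 - 2 = 3 degrees of freedom, alpha = 0.05
TRUE_STATE = [-0.05, -0.10]


def transpose(A):
    return [list(col) for col in zip(*A)]


def matvec(A, x):
    return [sum(a * b for a, b in zip(row, x)) for row in A]


def matmul(A, B):
    Bt = transpose(B)
    return [[sum(a * b for a, b in zip(row, col)) for col in Bt] for row in A]


def inverse(A):
    """Gauss-Jordan inverse with partial pivoting (small matrices only)."""
    n = len(A)
    M = [row[:] + [1.0 if i == j else 0.0 for j in range(n)] for i, row in enumerate(A)]
    for i in range(n):
        piv = max(range(i, n), key=lambda r: abs(M[r][i]))
        M[i], M[piv] = M[piv], M[i]
        p = M[i][i]
        M[i] = [v / p for v in M[i]]
        for r in range(n):
            if r != i:
                f = M[r][i]
                M[r] = [a - f * b for a, b in zip(M[r], M[i])]
    return [row[n:] for row in M]


def wls_estimate(H, z, sigma):
    """Equal-weight WLS: x = (H^T H)^-1 H^T z; returns x, residuals, J, (H^T H)^-1."""
    Ht = transpose(H)
    G_inv = inverse(matmul(Ht, H))
    x = matvec(G_inv, matvec(Ht, z))
    r = [zi - hx for zi, hx in zip(z, matvec(H, x))]
    J = sum((ri / sigma) ** 2 for ri in r)          # weighted residual sum
    return x, r, J, G_inv


def bad_data_check(H, z, sigma, threshold=CHI2_THRESHOLD):
    """Chi-square test on J; on alarm, return the index of the measurement
    with the largest normalized residual r_i / sqrt(Omega_ii),
    Omega = sigma^2 (I - H G^-1 H^T). Returns (x, J, suspect_or_None)."""
    x, r, J, G_inv = wls_estimate(H, z, sigma)
    if J <= threshold:
        return x, J, None
    K = matmul(matmul(H, G_inv), transpose(H))
    rn = [abs(ri) / (sigma * math.sqrt(max(1e-12, 1.0 - K[i][i])))
          for i, ri in enumerate(r)]
    return x, J, max(range(len(rn)), key=lambda i: rn[i])


def constructed_measurements(bias_on=None, bias=0.0):
    """Noise-free readings from the true state, optionally with one biased meter."""
    z = matvec(H, TRUE_STATE)
    if bias_on is not None:
        z[bias_on] += bias
    return z
```

With the clean readings the estimator recovers θ2 = −0.05, θ3 = −0.10 and J is zero. Biasing the P12 meter by +0.3 p.u. (the kind of gain manipulation described in Section VIII) pulls the estimate to θ2 ≈ −0.062, θ3 ≈ −0.112, drives J to 540 against a threshold of 7.815, and the largest normalized residual correctly singles out P12. The same test says nothing when the injected vector lies in the column space of H, which is the limitation the surveyed ML-, interval- and learning-based detectors are designed to address.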
In [195], an unsupervised anomaly detection technique based on the statistical correlation between measurements was introduced. With it, a scalable anomaly detection engine was designed for large-scale smart grids that can distinguish a real fault from a disturbance as well as from a smart cyber-attack. Symbolic dynamic filtering (SDF) is employed to reduce the computational burden while capturing the causal interactions between the subsystems. Using free energy as the anomaly index, learning algorithms based on the Boltzmann machine and dynamic Bayesian network concepts were employed to detect inconspicuous attacks. The technique was assessed on various IEEE test systems under different operating conditions with respect to several measures (false positive rate, true positive rate, and accuracy). The results showed that the system achieved a precision of 99%, a true positive rate of 98%, and a false-positive rate below 2%.
Moreover, owing to the wide developments in IoT and artificial intelligence technologies, various research efforts are directed towards employing data science and big data principles to secure systems from adversarial
attacks. The use of machine learning and artificial intelligence for cyber-security began with their implementation in IDS. Research in this area has covered anomaly and malware detection in communication and information systems, and machine learning has been employed to achieve cyber-security in IoT and smart grid systems [195], [196].
Great efforts have been made to address the security and privacy issues of IoT networks via conventional cryptographic techniques. Nevertheless, the distinctive characteristics of IoT nodes render the current solutions inadequate to cover the entire security spectrum of IoT networks. Machine learning and deep learning approaches, which can provide embedded intelligence in IoT networks and devices, can be leveraged to deal with different security problems.
In [197], an anomaly detection (AD) approach employing supervised machine learning together with a model-based logic for mitigation was proposed. The approach takes the wide-area damping control measurement signals (its inputs) and the wide-area damping control signals (its outputs) as features for classifying the type of activity, i.e., normal, perturbation, attack, and perturbation-and-attack. When an anomaly is detected, the mitigation module tunes the wide-area damping control signal and sets the control status to either local mode or wide-area mode.
In [198], an interval state estimation-based defense approach was introduced for detecting sparse cyber-attacks in the smart grid. In this approach, the upper and lower bounds of each state variable are modeled as a dual optimization problem that maximizes the variation intervals of the system variables. A typical deep learning model, a stacked auto-encoder, was designed to extract the nonlinear characteristics of electric load data properly. These characteristics are then applied to improve the precision of electric load forecasting, which yields narrower intervals for the state variables.
In [199], a novel approach to FDI attack detection was proposed based on wavelet singular values as the input index of a deep learning approach. A switching surface based on sliding mode control (SMC) is used to adjust the precise factors of the wavelet transform. Features of the wavelet coefficients are then extracted via singular value decomposition. Indexes are determined from the wavelet singular values of the current and voltage switching surfaces; these form the input indexes of the deep learning approach that detects the FDI attack.
In [200], an unsupervised machine learning-based approach for detecting the covert data integrity assault (CDIA) in smart grid communication networks using non-labeled data was introduced. The approach employs a state-of-the-art technique, the isolation forest, and detects the CDIA based on the hypothesis that the assault has the shortest mean path length in the constructed random forest. To tackle the dimensionality issue arising from the growth of power systems, the authors employed a principal component analysis-based feature extraction approach.
In [201], an enhanced online RL approach, nearest sequence memory Q-learning, was adopted for making the attack more effective. In this approach, an inherent property of viruses is described using a propagation-evolution model, which serves as the exploration mechanism for the FDI attack. To validate the approach, co-simulations of the daily operation of the IEEE 39-bus system were performed in which both the automatic voltage control system and the proposed FDI attack were modeled.
To recover from a cyber-attack, it is recommended to reclose the transmission lines once the attack is detected. Nevertheless, reclosing can have various effects on the power system, e.g., power swing and current inrush. Thus, it is critical to select the reclosing time accurately to mitigate these effects. In [202], a recovery approach for reclosing the tripped transmission lines at the optimal reclosing time was proposed. In particular, deep reinforcement learning is adopted to endow the strategy with real-time decision-making and with adaptability to uncertain cyber-attack scenarios. For this purpose, an environment was established to simulate the dynamics of the power system during the attack-recovery procedure and to generate the training data. With these data, the deep reinforcement learning based approach can be trained to determine the optimal reclosing time.
An investigation of coordinated topology attacks in the smart grid, which combine a cyber-topology attack with a physical topology attack, was introduced in [203]. The physical attack first trips a transmission line (TL). To deceive the control center, the hacker masks the tripped line's outage signal in the cyber layer and then creates a fake outage signal for another TL. The main target of the coordinated topology attack is to overload a critical line, different from both the physically tripped line and the fake outage line, by confusing the control center into an incorrect dispatch. To determine the attack strategy, a deep-reinforcement-learning-based approach was proposed for identifying the physically tripped line and the fake outage line and for determining the minimal attack resources.
As FDI attacks are considered the most dangerous cyber-attack in the smart grid, since they can lead to cascaded bad decision making throughout the system, a new way of thinking, a cognitive dynamic system (CDS) that characterizes itself by uniting two entities, was introduced in [204]. This approach can provide an indication of the smart grid's health on a cycle-to-cycle basis and can be employed to detect FDI attacks. Accordingly, improving the entropic state is the supervisor's objective.
The CDS is a structured research tool and physical model inspired by certain characteristics of the brain. Cognitive risk control is considered an enhanced feature of the CDS; it embodies the concept of predictive adaptation, permitting it to bring risk under control in
situations of unexpected or irregular uncertainty, such as a cyber-attack [205].
X. THE CPS SECURITY CHALLENGES
Although the terms challenges, threats, and vulnerabilities are sometimes used interchangeably, each sheds light on a different perspective of CPS security. Challenges are open problems that remain unresolved and are the subject of ongoing research efforts.
Vulnerabilities, meanwhile, denote the system's internal security weaknesses, which can be exploited by attackers, whereas threats are external situations that are potentially destructive. In this section, CPS challenges are addressed based on observations from the literature survey and categorized into common and application-specific challenges [206].
A. COMMON CPS SECURITY CHALLENGES
1) CP Security: Designers should secure both the cyber and the physical aspects of smart grid applications, so that cyber-attacks with physical consequences can be better predicted and accordingly mitigated [207]. S. Rafi in [208] argued that when the basic differences between the physical and cyber aspects are not taken into account, CP solutions are commonly disregarded and the emphasis shifts to cyber-only solutions. This underlines the need to consider both the physical and the cyber aspects.
2) Security through Design: Security has not been considered in CPS design because CPSs were isolated in physically protected environments with no connection to other networks such as the Internet. Physical security has therefore been practically the only security measure [209].
3) Real-Timeliness Nature: Real-time operation is a significant requirement, since its absence can affect the security posture [210]. During an attack, real-time decisions in CPS are vital for the survivability of the system. Taking the interactions between cyber and physical features into account in the design of CPS security gives the system a complete picture, which helps in designing superior attack-detection, risk-assessment, and attack-resilient solutions [211]. Moreover, cryptographic mechanisms can introduce delays that affect real-time deadlines; lightweight and hardware-based mechanisms should therefore be considered.
4) Uncoordinated Change: The number of CPS stakeholders is rather large, comprising operators, implementers, consumers, administrators, and manufacturers. Their privileges and activities vary and must therefore be managed accurately [212]. The enormous number of heterogeneous CPS components and stakeholders requires change management, another challenge that is somewhat overlooked. When a cluster of CPS components changes, careful coordination among the stakeholders is required at a certain level. These changes may include hardware or software changes or updates, as well as the addition of new capabilities [213]. Uncoordinated change can invalidate the initial assumptions about CPS security and thus introduce numerous vulnerabilities.
B. SMART GRID CHALLENGES
1) 2-Way Communication: Two-way communication is one of the distinctive features of smart grids because of the use of the AMI. Smart meters installed at consumers' houses as part of the AMI communicate with the utility companies and are easily reachable by physical attackers, which raises a new challenge for protecting these devices [214].
2) Access Control Approaches: Because of the large number of stakeholders and the vast geographical coverage of smart grids, proper access control approaches are required [215]. Every possible access to the smart grid's network, data, or devices must be controlled and managed. Furthermore, during emergencies, access control approaches need adequate flexibility to give the right sections proper treatment.
3) Privacy Prospects: Because of the significance of consumers' data in smart grid traffic, privacy concerns have become a big challenge. Consumers' data must be encrypted, and anonymization approaches are likewise required to prevent inference and other attacks from deriving patterns from the encrypted data to disclose private information [216]. Various cryptography-based solutions have been introduced. W. Gao et al. in [217] introduced a homomorphic encryption mechanism that safeguards the privacy of consumers while keeping the overhead on smart grid traffic low. However, this technique does not prevent a deceiver from contributing to the data aggregation by mimicking a legitimate smart meter or injecting false data. Designing mechanisms that can aggregate and encrypt data securely is therefore a challenging issue.
4) Inclusive Security: Security tools and measures are mostly present at the higher levels of smart grids, and their effectiveness decreases towards the lower levels. The complexity of the security measures decreases at the low levels because of the limited capabilities of low-level devices. Security therefore needs to be included in every part of the smart grid, from the lowest levels, such as field devices and their protocols, to the high levels, such as the control centers. Implementing security at the lower levels increases the performance cost, so lightweight solutions are preferred. Encryption is essential for providing integrity and confidentiality at all levels of the smart grid. Deploying encryption as such is not the challenge; the real challenge lies in achieving it cost-effectively in the low-level components [218].
5) Obvious Trust: Sent commands and sensed data should not be trusted blindly. Instead, new mechanisms are required for detecting unauthorized commands and false data. Owing to the large size of smart grids, FDI attacks can be detected easily using techniques that have been designed for detecting and identifying faults only.
6) Alteration Management: Smart grids are undoubtedly more diverse and have more stakeholders than ICS applications, while their change management capabilities are restricted. This makes change management in secured smart grids a challenge.
XI. CONCLUSION WITH CHALLENGES
In this paper, a comprehensive survey of CPS security for digitally
controlled power electronics in the networked smart grid has been
presented. The potential threat sources, along with their
motivations, have been surveyed extensively. The paper has also
discussed the existing vulnerabilities of the networked smart grid,
highlighting their main causes with real examples, and the
mitigation approaches for CP attacks. The impact and vulnerability
analysis of the control, communication, and physical layers used to
operate voltage source converters has been presented. Furthermore,
the existing control mechanisms for the networked smart grid have
been summarized and the unsolved issues identified. Finally,
research trends and challenges in securing the CPS of the networked
smart grid have been introduced.
Because of the complexity, variability, and sophistication of
network attacks, security cannot be achieved by a single definite
solution. From a control-theoretic viewpoint, the attacker always
tries to maximize the damage to control performance, while the
defender spares no effort to reduce the effect of the corresponding
attacks. Consequently, the CP security of the networked smart grid
should be considered from both the physical-security and the
cyber-security side.
The following issues should be addressed to safeguard networked
smart grids.
1) Security detection with modern analysis approaches: The enormous
amount of data generated by power distribution devices, AMIs, and
other smart instruments creates many problems for security analysis
and detection in smart grids. It is therefore important to develop
new transmission systems that improve communication efficiency;
moreover, big data and cloud computing techniques offer new
opportunities for anomaly detection, electric load forecasting, and
demand-side management. Hence, security detection combined with
modern analysis approaches is a promising issue for future work.
2) Distributed detection and estimation of attacks: The complexity
and spatial distribution of the smart grid, integrated with CP
control, greatly increase the difficulty of estimation and
detection, particularly in a distributed environment. Furthermore,
multiple attacks can occur at the same time in such a large-scale
networked smart grid. Accordingly, how to estimate and locate
diverse attacks in a distributed way is of vital importance.
3) Modeling attacks under realistic conditions: Particular
assumptions, e.g., specific probability distributions or periodic
patterns, are often made in smart grid research. However, these
assumptions conflict with the view that attacks are usually
stealthy and arbitrary. For instance, the packet dropouts caused by
DoS attacks may not follow a Bernoulli distribution in smart grids.
Some existing results based on such unrealistic assumptions are far
from real applications. Thus, modeling these attacks in a more
realistic manner needs further study.
4) Resilient control approaches: As a counterpart to IT safeguard
techniques, the design of security control approaches plays a vital
role in protecting smart grids. When conventional IT safeguards
fail, the control implementation can still deliver a noteworthy
improvement in assuring the performance of the smart grid. In
addition, the control design should fulfill the general requirements
when no attack is present and remain valid under malicious attacks
without changing or redesigning the controller. Consequently, how to
design a security controller in a resilient manner is an encouraging
issue for the future.
There will be other approaches for detection, mitigation, and
protection against cyber-attacks beyond those addressed in this
review, and innovative approaches and measures will certainly be
developed in the future for safeguarding smart grid components from
malicious attacks. This survey has collected the state-of-the-art
solutions that have been implemented or explored so far, as a basis
for upcoming developments and research. Implementing these numerous
approaches in real environments or testbeds will ultimately permit
advances in the protection, resilience, monitoring, and mitigation
of smart grids against future serious cyber-attack threats.
REFERENCES
[1] H. Parastvand, O. Bass, M. A. S. Masoum, A. Chapman and S.
Lachowicz, "Cyber-Security Constrained Placement of FACTS Devices in
Power Networks From a Novel Topological Perspective," in IEEE Access,
vol. 8, pp. 108201-108215, 2020, doi: 10.1109/ACCESS.2020.3001308.
[2] J. Tavčar and I. Horváth, "A Review of the Principles of Designing Smart
Cyber-Physical Systems for Run-Time Adaptation: Learned Lessons and
Open Issues," in IEEE Transactions on Systems, Man, and Cybernetics:
Systems, vol. 49, no. 1, pp. 145-158, Jan. 2019.
[3] K. R. Choo, M. M. Kermani, R. Azarderakhsh and M. Govindarasu,
"Emerging Embedded and Cyber Physical System Security Challenges and
Innovations," in IEEE Transactions on Dependable and Secure Computing,
vol. 14, no. 3, pp. 235-236, May-June 2017.
[4] R. Altawy and A. M. Youssef, "Security Tradeoffs in Cyber Physical
Systems: A Case Study Survey on Implantable Medical Devices," in IEEE
Access, vol. 4, pp. 959-979, 2016.
[5] A. Burg, A. Chattopadhyay and K. Lam, "Wireless Communication and
Security Issues for Cyber-Physical Systems and the Internet-of-Things," in
Proceedings of the IEEE, vol. 106, no. 1, pp. 38-60, Jan. 2018.
[6] B. Wang, P. Dehghanian, and D. Zhao, “Chance-constrained energy
management system for power grids with high proliferation of renewables and
electric vehicles,'' IEEE Trans. Smart Grid, vol. 11, no. 3, pp. 2324-2336,
May 2020.
[7] P. Jokar, Model-Based Intrusion Detection for Home Area Networks in
Smart Grids. Bristol, U.K.: Univ. Bristol, 2012, pp. 1-19.
[8] B. Zhang, P. Dehghanian, and M. Kezunovic, “Optimal allocation of PV
generation and battery storage for enhanced resilience,'' IEEE Trans. Smart
Grid, vol. 10, no. 1, pp. 535-545, Jan. 2019.
[9] M. Milton, C. D. L. O, H. L. Ginn and A. Benigni, "Controller-
Embeddable Probabilistic Real-Time Digital Twins for Power Electronic
Converter Diagnostics," in IEEE Transactions on Power Electronics, vol. 35,
no. 9, pp. 9850-9864, Sept. 2020, doi: 10.1109/TPEL.2020.2971775.
[10] S. Y. Kim, S. G. Song and S. J. Park, "Minimum Loss Discontinuous
Pulse-Width Modulation Per Phase Method for Three-Phase Four-Leg
Inverter," in IEEE Access, vol. 8, pp. 122923-122936, 2020, doi:
10.1109/ACCESS.2020.3006245.
[11] S. Gu, X. Du, Y. Shi, P. Sun and H. Tai, "Power Control for Grid-
Connected Converter to Comply With Safety Operation Limits During Grid
Faults," in IEEE Journal of Emerging and Selected Topics in Power
Electronics, vol. 8, no. 1, pp. 866-876, March 2020, doi:
10.1109/JESTPE.2018.2888552.
[12] W. Yang et al., "A True-Random-Number-Based Pseudohysteresis
Controller for Buck DC-DC Converter in High-Security Internet-of-Everything Devices," in IEEE Transactions on Power Electronics, vol. 35, no.
3, pp. 2969-2978, March 2020, doi: 10.1109/TPEL.2019.2928420.
[13] S. Soltan, M. Yannakakis and G. Zussman, "Power Grid State Estimation
Following a Joint Cyber and Physical Attack," in IEEE Transactions on
Control of Network Systems, vol. 5, no. 1, pp. 499-512, March 2018, doi:
10.1109/TCNS.2016.2620807.
[14] X. Feng and Q. Sun, "Stochastic games for power grid coordinated
defence against coordinated attacks," in IET Cyber-Physical Systems: Theory
& Applications, vol. 5, no. 3, pp. 292-300, Sept. 2020, doi: 10.1049/iet-cps.2020.0002.
[15] M. Kouki, B. Marinescu and F. Xavier, "Exhaustive Modal Analysis of
Large-Scale Interconnected Power Systems With High Power Electronics
Penetration," in IEEE Transactions on Power Systems, vol. 35, no. 4, pp.
2759-2768, July 2020, doi: 10.1109/TPWRS.2020.2969641.
[16] X. Hong, G. Zhang and D. Lu, "Control Strategies for Crowd Emotional
Contagion Coupling the Virtual and Physical Cyberspace in Emergencies," in
IEEE Access, vol. 8, pp. 37712-37726, 2020, doi:
10.1109/ACCESS.2020.2975808.
[17] Z. Zhang, S. Huang, F. Liu and S. Mei, "Pattern Analysis of Topological
Attacks in Cyber-Physical Power Systems Considering Cascading Outages,"
in IEEE Access, vol. 8, pp. 134257-134267, 2020, doi:
10.1109/ACCESS.2020.3006555.
[18] R. V. Yohanandhan, R. M. Elavarasan, P. Manoharan and L. Mihet-Popa,
"Cyber-Physical Power System (CPPS): A Review on Modeling, Simulation,
and Analysis With Cyber Security Applications," in IEEE Access, vol. 8, pp.
151019-151064, 2020, doi: 10.1109/ACCESS.2020.3016826.
[19] O. Hariri, M. M. Esfahani and O. Mohammed, "Collective Distribution
of Mobile Loads for Optimal and Secure Operation of Power Systems," 2019
IEEE Industry Applications Society Annual Meeting, Baltimore, MD, USA,
2019, pp. 1-8, doi: 10.1109/IAS.2019.8912331.
[20] D. Pérez-Estévez, J. Doval-Gandoy and J. M. Guerrero, "AC-Voltage
Harmonic Control for Stand-Alone and Weak-Grid-Tied Converter," in IEEE
Transactions on Industry Applications, vol. 56, no. 1, pp. 403-421, Jan.-Feb.
2020, doi: 10.1109/TIA.2019.2942265.
[21] S. Chen et al., "A BP Neural Network-Based Hierarchical Investment
Risk Evaluation Method Considering the Uncertainty and Coupling for the
Power Grid," in IEEE Access, vol. 8, pp. 110279-110289, 2020, doi:
10.1109/ACCESS.2020.3002381.
[22] P. Prabhakaran and V. Agarwal, "Novel Boost-SEPIC Type Interleaved
DC-DC Converter for Mitigation of Voltage Imbalance in a Low-Voltage
Bipolar DC Microgrid," in IEEE Transactions on Industrial Electronics, vol.
67, no. 8, pp. 6494-6504, Aug. 2020, doi: 10.1109/TIE.2019.2939991.
[23] Z. Lin, X. Ruan, L. Wu, H. Zhang and W. Li, "Multiresonant
Component-Based Grid-Voltage-Weighted Feedforward Scheme for Grid-
Connected Inverter to Suppress the Injected Grid Current Harmonics Under
Weak Grid," in IEEE Transactions on Power Electronics, vol. 35, no. 9, pp.
9784-9793, Sept. 2020, doi: 10.1109/TPEL.2020.2970514.
[24] M. Wen et al., "Key factors for efficient consumption of renewable
energy in a provincial power grid in southern China," in CSEE Journal of
Power and Energy Systems, vol. 6, no. 3, pp. 554-562, Sept. 2020, doi:
10.17775/CSEEJPES.2019.01970.
[25] N. M. Dehkordi and S. Z. Moussavi, "Distributed Resilient Adaptive
Control of Islanded Microgrids Under Sensor/Actuator Faults," in IEEE
Transactions on Smart Grid, vol. 11, no. 3, pp. 2699-2708, May 2020, doi:
10.1109/TSG.2019.2960205.
[26] S. Selvarajan, M. Shaik, S. Ameerjohn and S. Kannan, "Mining of
intrusion attack in SCADA network using clustering and genetically seeded
flora-based optimal classification algorithm," in IET Information Security,
vol. 14, no. 1, pp. 1-11, Jan. 2020, doi: 10.1049/iet-ifs.2019.0011.
[27] and S. Debbarma, "Detection and Mitigation of Cyber-Attacks on
AGC Systems of Low Inertia Power Grid," in IEEE Systems Journal, vol. 14,
no. 2, pp. 2023-2031, June 2020, doi: 10.1109/JSYST.2019.2943921.
[28] H. Long, Z. Wu, C. Fang, W. Gu, X. Wei and H. Zhan, "Cyber-attack
Detection Strategy Based on Distribution System State Estimation," in
Journal of Modern Power Systems and Clean Energy, vol. 8, no. 4, pp. 669-
678, July 2020, doi: 10.35833/MPCE.2019.000216.
[29] A. Rodríguez-Cabero, J. Roldán-Pérez, M. Prodanovic, J. A. Suul and S.
D’Arco, "Coupling of AC Grids via VSC-HVDC Interconnections for
Oscillation Damping Based on Differential and Common Power Control," in
IEEE Transactions on Power Electronics, vol. 35, no. 6, pp. 6548-6558, June
2020, doi: 10.1109/TPEL.2019.2952656.
[30] K. Ma, J. Wang, X. Cai and F. Blaabjerg, "AC Grid Emulations for
Advanced Testing of Grid-Connected Converters: An Overview," in IEEE
Transactions on Power Electronics, vol. 36, no. 2, pp. 1626-1645, Feb. 2021,
doi: 10.1109/TPEL.2020.3011176.
[31] M. G. Taul, X. Wang, P. Davari and F. Blaabjerg, "Robust Fault Ride
Through of Converter-Based Generation During Severe Faults With Phase
Jumps," in IEEE Transactions on Industry Applications, vol. 56, no. 1, pp.
570-583, Jan.-Feb. 2020, doi: 10.1109/TIA.2019.2944175.
[32] M. A. Awal, H. Yu, I. Husain, W. Yu and S. M. Lukic, "Selective
Harmonic Current Rejection for Virtual Oscillator Controlled Grid-Forming
Voltage Source Converters," in IEEE Transactions on Power Electronics, vol.
35, no. 8, pp. 8805-8818, Aug. 2020, doi: 10.1109/TPEL.2020.2965880.
[33] J. Chen, F. Milano and T. O'Donnell, "Assessment of Grid-Feeding
Converter Voltage Stability," in IEEE Transactions on Power Systems, vol.
34, no. 5, pp. 3980-3982, Sept. 2019, doi: 10.1109/TPWRS.2019.2920516.
[34] J. Fang, H. Deng and S. M. Goetz, "Grid Impedance Estimation Through
Grid-Forming Power Converters," in IEEE Transactions on Power
Electronics, vol. 36, no. 2, pp. 2094-2104, Feb. 2021, doi:
10.1109/TPEL.2020.3010874.
[35] M. Ahmed, L. Meegahapola, A. Vahidnia and M. Datta, "Stability and
Control Aspects of Microgrid Architectures: A Comprehensive Review," in
IEEE Access, vol. 8, pp. 144730-144766, 2020, doi:
10.1109/ACCESS.2020.3014977.
[36] J. Johnson, R. Ablinger, R. Bruendlinger, B. Fox and J. Flicker,
"Interconnection Standard Grid-Support Function Evaluations Using an
Automated Hardware-in-the-Loop Testbed," in IEEE Journal of
Photovoltaics, vol. 8, no. 2, pp. 565-571, March 2018, doi:
10.1109/JPHOTOV.2018.2794884.
[37] K. Ding, Y. Qian, Y. Wang, P. Hu and B. Wang, "A Data-Driven
Vulnerability Evaluation Method in Grid Edge Based on Random Matrix
Theory Indicators," in IEEE Access, vol. 8, pp. 26495-26504, 2020, doi:
10.1109/ACCESS.2020.2971030.
[38] H. Pan, H. Lian, C. Na and X. Li, "Modeling and Vulnerability Analysis
of Cyber-Physical Power Systems Based on Community Theory," in IEEE
Systems Journal, vol. 14, no. 3, pp. 3938-3948, Sept. 2020, doi:
10.1109/JSYST.2020.2969023.
[39] L. Che, X. Liu, Z. Shuai, Z. Li and Y. Wen, "Cyber Cascades Screening
Considering the Impacts of False Data Injection Attacks," in IEEE
Transactions on Power Systems, vol. 33, no. 6, pp. 6545-6556, Nov. 2018,
doi: 10.1109/TPWRS.2018.2827060.
[40] A. S. Musleh, G. Chen and Z. Y. Dong, "A Survey on the Detection
Algorithms for False Data Injection Attacks in Smart Grids," in IEEE
Transactions on Smart Grid, vol. 11, no. 3, pp. 2218-2234, May 2020, doi:
10.1109/TSG.2019.2949998.
[41] K. Huang, L. Yang, X. Yang, Y. Xiang and Y. Y. Tang, "A Low-Cost
Distributed Denial-of-Service Attack Architecture," in IEEE Access, vol. 8,
pp. 42111-42119, 2020, doi: 10.1109/ACCESS.2020.2977112.
[42] H. Boche, R. F. Schaefer and H. V. Poor, "Denial-of-Service Attacks on
Communication Systems: Detectability and Jammer Knowledge," in IEEE
Transactions on Signal Processing, vol. 68, pp. 3754-3768, 2020, doi:
10.1109/TSP.2020.2993165.
[43] X. Zhang, Q. Han, X. Ge and L. Ding, "Resilient Control Design Based
on a Sampled-Data Model for a Class of Networked Control Systems Under
Denial-of-Service Attacks," in IEEE Transactions on Cybernetics, vol. 50, no.
8, pp. 3616-3626, Aug. 2020, doi: 10.1109/TCYB.2019.2956137.
[44] B. Li, G. Xiao, R. Lu, R. Deng and H. Bao, "On Feasibility and
Limitations of Detecting False Data Injection Attacks on Power Grid State
Estimation Using D-FACTS Devices," in IEEE Transactions on Industrial
Informatics, vol. 16, no. 2, pp. 854-864, Feb. 2020, doi:
10.1109/TII.2019.2922215.
[45] M. M. N. Aboelwafa, K. G. Seddik, M. H. Eldefrawy, Y. Gadallah and
M. Gidlund, "A Machine-Learning-Based Technique for False Data Injection
Attacks Detection in Industrial IoT," in IEEE Internet of Things Journal, vol.
7, no. 9, pp. 8462-8471, Sept. 2020, doi: 10.1109/JIOT.2020.2991693.
[46] S. M. P. Dinakarrao et al., "Cognitive and Scalable Technique for
Securing IoT Networks Against Malware Epidemics," in IEEE Access, vol. 8,
pp. 138508-138528, 2020, doi: 10.1109/ACCESS.2020.3011919.
[47] M. M. Rana, "IoT-Based Electric Vehicle State Estimation and Control
Algorithms Under Cyber Attacks," in IEEE Internet of Things Journal, vol. 7,
no. 2, pp. 874-881, Feb. 2020, doi: 10.1109/JIOT.2019.2946093.
[48] R. M. Pratt and T. E. Carroll, "Vehicle Charging Infrastructure Security,"
2019 IEEE International Conference on Consumer Electronics (ICCE), Las
Vegas, NV, USA, 2019, pp. 1-5, doi: 10.1109/ICCE.2019.8662043.
[49] J. Wang and D. Shi, "Cyber-Attacks Related to Intelligent Electronic
Devices and Their Countermeasures: A Review," 2018 53rd International
Universities Power Engineering Conference (UPEC), Glasgow, 2018, pp. 1-6,
doi: 10.1109/UPEC.2018.8542059.
[50] J. Hong and C. Liu, "Intelligent Electronic Devices With Collaborative
Intrusion Detection Systems," in IEEE Transactions on Smart Grid, vol. 10,
no. 1, pp. 271-281, Jan. 2019, doi: 10.1109/TSG.2017.2737826.
[51] M. Bahrami, M. Fotuhi-Firuzabad and H. Farzin, "Reliability Evaluation
of Power Grids Considering Integrity Attacks Against Substation Protective
IEDs," in IEEE Transactions on Industrial Informatics, vol. 16, no. 2, pp.
1035-1044, Feb. 2020, doi: 10.1109/TII.2019.2926557.
[52] T. S. Ustun, S. M. Farooq and S. M. S. Hussain, "A Novel Approach for
Mitigation of Replay and Masquerade Attacks in Smartgrids Using IEC 61850
Standard," in IEEE Access, vol. 7, pp. 156044-156053, 2019, doi:
10.1109/ACCESS.2019.2948117.
[53] Q. Bin, C. Ziwen, X. Yong, H. Liang and S. Sheng, "GPS spoofing-based
time synchronisation attack in advanced metering infrastructure and its
protection," in The Journal of Engineering, vol. 2020, no. 9, pp. 809-815, Sept. 2020, doi: 10.1049/joe.2020.0022.
[54] H. Pearce, S. Pinisetty, P. S. Roop, M. M. Y. Kuo and A. Ukil, "Smart
I/O Modules for Mitigating Cyber-Physical Attacks on Industrial Control
Systems," in IEEE Transactions on Industrial Informatics, vol. 16, no. 7, pp.
4659-4669, July 2020, doi: 10.1109/TII.2019.2945520.
[55] M. S. Hossan and B. Chowdhury, "Integrated CVR and Demand
Response Framework for Advanced Distribution Management Systems," in
IEEE Transactions on Sustainable Energy, vol. 11, no. 1, pp. 534-544, Jan.
2020, doi: 10.1109/TSTE.2019.2897333.
[56] A. Imran et al., "Heuristic-Based Programable Controller for Efficient
Energy Management Under Renewable Energy Sources and Energy Storage
System in Smart Grid," in IEEE Access, vol. 8, pp. 139587-139608, 2020, doi:
10.1109/ACCESS.2020.3012735.
[57] A. R. Sayed, C. Wang, J. Zhao and T. Bi, "Distribution-Level Robust
Energy Management of Power Systems Considering Bidirectional Interactions
With Gas Systems," in IEEE Transactions on Smart Grid, vol. 11, no. 3, pp.
2092-2105, May 2020, doi: 10.1109/TSG.2019.2947219.
[58] A. Sangswang and M. Konghirun, "Optimal Strategies in Home Energy
Management System Integrating Solar Power, Energy Storage, and Vehicle-
to-Grid for Grid Support and Energy Efficiency," in IEEE Transactions on
Industry Applications, vol. 56, no. 5, pp. 5716-5728, Sept.-Oct. 2020, doi:
10.1109/TIA.2020.2991652.
[59] N. M. Manousakis and G. N. Korres, "Optimal Allocation of Phasor
Measurement Units Considering Various Contingencies and Measurement
Redundancy," in IEEE Transactions on Instrumentation and Measurement,
vol. 69, no. 6, pp. 3403-3411, June 2020, doi: 10.1109/TIM.2019.2932208.
[60] M. Jamei et al., "Phasor Measurement Units Optimal Placement and
Performance Limits for Fault Localization," in IEEE Journal on Selected
Areas in Communications, vol. 38, no. 1, pp. 180-192, Jan. 2020, doi:
10.1109/JSAC.2019.2951971.
[61] A. Mohammadi and K. N. Plataniotis, "Noncircular Attacks on Phasor
Measurement Units for State Estimation in Smart Grid," in IEEE Journal of
Selected Topics in Signal Processing, vol. 12, no. 4, pp. 777-789, Aug. 2018,
doi: 10.1109/JSTSP.2018.2840517.
[62] R. Pal and V. Prasanna, "The STREAM Mechanism for CPS Security: The Case of the Smart Grid," in IEEE Transactions on Computer-Aided
Design of Integrated Circuits and Systems, vol. 36, no. 4, pp. 537-550, April
2017, doi: 10.1109/TCAD.2016.2565201.
[63] A. Chattopadhyay and U. Mitra, "Security Against False Data-Injection
Attack in Cyber-Physical Systems," in IEEE Transactions on Control of
Network Systems, vol. 7, no. 2, pp. 1015-1027, June 2020, doi:
10.1109/TCNS.2019.2927594.
[64] S. Liu, Y. Liu, S. Li and B. Xu, "H∞ Control for Time-Varying Cyber-
Physical System Under Randomly Occurring Hybrid Attacks: The Output
Feedback Case," in IEEE Access, vol. 8, pp. 60780-60789, 2020, doi:
10.1109/ACCESS.2020.2980978.
[65] J. Wurm et al., "Introduction to Cyber-Physical System Security: A
Cross-Layer Perspective," in IEEE Transactions on Multi-Scale Computing
Systems, vol. 3, no. 3, pp. 215-227, July-Sept. 2017.
[66] J. C. Balda, A. Mantooth, R. Blum and P. Tenti, "Cybersecurity and
Power Electronics: Addressing the Security Vulnerabilities of the Internet of
Things," in IEEE Power Electronics Magazine, vol. 4, no. 4, pp. 37-43, Dec.
2017.
[67] X. Zhu, Z. Yu and X. Liu, "Security Constrained Unit Commitment with
Extreme Wind Scenarios," in Journal of Modern Power Systems and Clean
Energy, vol. 8, no. 3, pp. 464-472, May 2020, doi:
10.35833/MPCE.2018.000797.
[68] W. Mesbah, "Securing Smart Electricity Meters Against Customer
Attacks," in IEEE Transactions on Smart Grid, vol. 9, no. 1, pp. 101-110, Jan.
2018, doi: 10.1109/TSG.2016.2545524.
[69] C. Liu, J. Wu, C. Long and D. Kundur, "Reactance Perturbation for
Detecting and Identifying FDI Attacks in Power System State Estimation," in
IEEE Journal of Selected Topics in Signal Processing, vol. 12, no. 4, pp. 763-
776, Aug. 2018, doi: 10.1109/JSTSP.2018.2846542.
[70] C. Liu, H. Liang, T. Chen, J. Wu and C. Long, "Joint Admittance
Perturbation and Meter Protection for Mitigating Stealthy FDI Attacks
Against Power System State Estimation," in IEEE Transactions on Power
Systems, vol. 35, no. 2, pp. 1468-1478, March 2020, doi:
10.1109/TPWRS.2019.2938223.
[71] P. Key and R. Steinberg, "Pricing, Competition and Content for Internet
Service Providers," in IEEE/ACM Transactions on Networking, vol. 28, no. 5,
pp. 2285-2298, Oct. 2020, doi: 10.1109/TNET.2020.3010550.
[72] H. F. Habib, A. O. Hariri, A. ElSayed and O. A. Mohammed,
"Deployment of electric vehicles in an adaptive protection technique for
riding through cyber attack threats in microgrids," 2017 IEEE International
Conference on Environment and Electrical Engineering and 2017 IEEE
Industrial and Commercial Power Systems Europe (EEEIC / I&CPS Europe),
Milan, 2017, pp. 1-6, doi: 10.1109/EEEIC.2017.7977729.
[73] M. El Hariri, E. Harmon, H. F. Habib, T. Youssef and O. A. Mohammed,
"A targeted attack for enhancing resiliency of intelligent intrusion detection
modules in energy cyber physical systems," 2017 19th International
Conference on Intelligent System Application to Power Systems (ISAP), San
Antonio, TX, 2017, pp. 1-6, doi: 10.1109/ISAP.2017.8071363.
[74] A. O. Hariri, M. El Hariri, T. Youssef and O. A. Mohammed, "A
Bilateral Decision Support Platform for Public Charging of Connected
Electric Vehicles," in IEEE Transactions on Vehicular Technology, vol. 68,
no. 1, pp. 129-140, Jan. 2019, doi: 10.1109/TVT.2018.2879927.
[75] S. Faddel, A. T. Elsayed and O. A. Mohammed, "Bilayer Multi-Objective
Optimal Allocation and Sizing of Electric Vehicle Parking Garage," in IEEE
Transactions on Industry Applications, vol. 54, no. 3, pp. 1992-2001, May-
June 2018, doi: 10.1109/TIA.2018.2803151.
[76] M. Wen et al., "Key factors for efficient consumption of renewable
energy in a provincial power grid in southern China," in CSEE Journal of
Power and Energy Systems, vol. 6, no. 3, pp. 554-562, Sept. 2020, doi:
10.17775/CSEEJPES.2019.01970.
[77] D. Pliatsios, P. Sarigiannidis, T. Lagkas and A. G. Sarigiannidis, "A
Survey on SCADA Systems: Secure Protocols, Incidents, Threats and
Tactics," in IEEE Communications Surveys & Tutorials, vol. 22, no. 3, pp.
1942-1976, thirdquarter 2020, doi: 10.1109/COMST.2020.2987688.
[78] S. Ghosh and S. Sampalli, "A Survey of Security in SCADA Networks:
Current Issues and Future Challenges," in IEEE Access, vol. 7, pp. 135812-
135831, 2019, doi: 10.1109/ACCESS.2019.2926441.
[79] C. Ruben et al., "Hybrid data-driven physics model-based framework for
enhanced cyber-physical smart grid security," in IET Smart Grid, vol. 3, no. 4,
pp. 445-453, Aug. 2020, doi: 10.1049/iet-stg.2019.0272.
[80] A. Sundararajan, A. S. Hernandez and A. I. Sarwat, "Adapting big data
standards, maturity models to smart grid distributed generation: critical
review," in IET Smart Grid, vol. 3, no. 4, pp. 508-519, Aug. 2020, doi:
10.1049/iet-stg.2019.0298.
[81] M. H. Cintuglu, O. A. Mohammed, K. Akkaya and A. S. Uluagac, "A
Survey on Smart Grid Cyber-Physical System Testbeds," in IEEE
Communications Surveys & Tutorials, vol. 19, no. 1, pp. 446-464, Firstquarter
2017.
[82] J. Khazaei, "Stealthy Cyberattacks on Loads and Distributed Generation
Aimed at Multi-Transmission Line Congestions in Smart Grids," in IEEE
Transactions on Smart Grid, doi: 10.1109/TSG.2020.3038045.
[83] A. J. Wilson, D. R. Reising, R. W. Hay, R. C. Johnson, A. A. Karrar and
T. Daniel Loveless, "Automated Identification of Electrical Disturbance
Waveforms Within an Operational Smart Power Grid," in IEEE Transactions
on Smart Grid, vol. 11, no. 5, pp. 4380-4389, Sept. 2020, doi:
10.1109/TSG.2020.2990079.
[84] A. Ashok, M. Govindarasu and J. Wang, "Cyber-Physical Attack-
Resilient Wide-Area Monitoring, Protection, and Control for the Power Grid,"
in Proceedings of the IEEE, vol. 105, no. 7, pp. 1389-1407, July 2017, doi:
10.1109/JPROC.2017.2686394.
[85] V. Venkataramanan, A. Hahn and A. Srivastava, "CP-SAM: Cyber-
Physical Security Assessment Metric for Monitoring Microgrid Resiliency,"
in IEEE Transactions on Smart Grid, vol. 11, no. 2, pp. 1055-1065, March
2020, doi: 10.1109/TSG.2019.2930241.
[86] M. H. Variani and K. Tomsovic, "Distributed Automatic Generation
Control Using Flatness-Based Approach for High Penetration of Wind
Generation," in IEEE Transactions on Power Systems, vol. 28, no. 3, pp.
3002-3009, Aug. 2013, doi: 10.1109/TPWRS.2013.2257882.
[87] S. M. S. Hussain, M. A. Aftab, F. Nadeem, I. Ali and T. S. Ustun,
"Optimal Energy Routing in Microgrids With IEC 61850 Based Energy
Routers," in IEEE Transactions on Industrial Electronics, vol. 67, no. 6, pp.
5161-5169, June 2020, doi: 10.1109/TIE.2019.2927154.
[88] M. D. Smith and M. E. Paté-Cornell, "Cyber Risk Analysis for a Smart
Grid: How Smart is Smart Enough? A Multi-armed Bandit Approach to Cyber
Security Investment," in IEEE Transactions on Engineering Management,
vol. 65, no. 3, pp. 434-447, Aug. 2018.
[89] Y. Liu, Y. Zhou and S. Hu, "Combating Coordinated Pricing Cyber-
attack and Energy Theft in Smart Home Cyber-Physical Systems," in IEEE
Transactions on Computer-Aided Design of Integrated Circuits and Systems,
vol. 37, no. 3, pp. 573-586, March 2018.
[90] X. Lyu, Y. Ding and S. Yang, "Bayesian Network Based C2P Risk
Assessment for Cyber-Physical Systems," in IEEE Access, vol. 8, pp. 88506-
88517, 2020, doi: 10.1109/ACCESS.2020.2993614.
[91] Y. Zhang et al., "Cyber Physical Security Analytics for Transactive
Energy Systems," in IEEE Transactions on Smart Grid, vol. 11, no. 2, pp.
931-941, March 2020, doi: 10.1109/TSG.2019.2928168.
[92] K. Huang, C. Zhou, Y. Qin and W. Tu, "A Game-Theoretic Approach to
Cross-Layer Security Decision-Making in Industrial Cyber-Physical
Systems," in IEEE Transactions on Industrial Electronics, vol. 67, no. 3, pp.
2371-2379, March 2020, doi: 10.1109/TIE.2019.2907451.
[93] Y. Jiang, S. Yin and O. Kaynak, "Data-Driven Monitoring and Safety
Control of Industrial Cyber-Physical Systems: Basics and Beyond," in IEEE
Access, vol. 6, pp. 47374-47384, 2018.
[94] A. Farraj, E. Hammad and D. Kundur, "A Cyber-Physical Control
Framework for Transient Stability in Smart Grids," in IEEE Transactions on
Smart Grid, vol. 9, no. 2, pp. 1205-1215, March 2018.
[95] T. A. Simões, C. L. Borges and J. Mitra, "Use of performance indices for
contingency screening for rapid assessment of dynamic security region," in
IET Generation, Transmission & Distribution, vol. 14, no. 18, pp. 3896-3904,
Sept. 2020, doi: 10.1049/iet-gtd.2020.0223.
[96] P. Akaber et al., "CASeS: Concurrent Contingency Analysis-Based
Security Metric Deployment for the Smart Grid," in IEEE Transactions on
Smart Grid, vol. 11, no. 3, pp. 2676-2687, May 2020, doi:
10.1109/TSG.2019.2959937.
[97] G. Cao et al., "Operational Risk Evaluation of Active Distribution
Networks Considering Cyber Contingencies," in IEEE Transactions on
Industrial Informatics, vol. 16, no. 6, pp. 3849-3861, June 2020, doi:
10.1109/TII.2019.2939346.
[98] M. Li, Y. Xue, M. Ni and X. Li, "Modeling and Hybrid Calculation
Architecture for Cyber Physical Power Systems," in IEEE Access, vol. 8, pp.
138251-138263, 2020, doi: 10.1109/ACCESS.2020.3011213.
[99] H. Tu, Y. Xia, C. K. Tse and X. Chen, "A Hybrid Cyber Attack Model
for Cyber-Physical Power Systems," in IEEE Access, vol. 8, pp. 114876-
114883, 2020, doi: 10.1109/ACCESS.2020.3003323.
[100] F. Farivar, M. S. Haghighi, A. Jolfaei and M. Alazab, "Artificial
Intelligence for Detection, Estimation, and Compensation of Malicious
Attacks in Nonlinear Cyber-Physical Systems and Industrial IoT," in IEEE
Transactions on Industrial Informatics, vol. 16, no. 4, pp. 2716-2725, April
2020, doi: 10.1109/TII.2019.2956474.
[101] Y. Zhang and O. Yağan, "Robustness of Interdependent Cyber-Physical
Systems Against Cascading Failures," in IEEE Transactions on Automatic
Control, vol. 65, no. 2, pp. 711-726, Feb. 2020, doi:
10.1109/TAC.2019.2918120.
[102] C. Roberts et al., "Learning Behavior of Distribution System Discrete
Control Devices for Cyber-Physical Security," in IEEE Transactions on Smart
Grid, vol. 11, no. 1, pp. 749-761, Jan. 2020, doi: 10.1109/TSG.2019.2936016.
[103] J. Feng, L. T. Yang, R. Zhang, S. Zhang, G. Dai and W. Qiang, "A
Tensor-Based Optimization Model for Secure Sustainable Cyber-Physical-
Social Big Data Computations," in IEEE Transactions on Sustainable
Computing, vol. 5, no. 2, pp. 223-234, April-June 2020, doi:
10.1109/TSUSC.2018.2881466.
[104] J. Li, Y. Liu, T. Chen, Z. Xiao, Z. Li and J. Wang, "Adversarial Attacks
and Defenses on Cyber-Physical Systems: A Survey," in IEEE Internet of
Things Journal, vol. 7, no. 6, pp. 5103-5115, June 2020, doi:
10.1109/JIOT.2020.2975654.
[105] T. Becejac, C. Eppinger, A. Ashok, U. Agrawal and J. O'Brien,
"PRIME: a real-time cyber-physical systems testbed: from wide-area
monitoring, protection, and control prototyping to operator training and
beyond," in IET Cyber-Physical Systems: Theory & Applications, vol. 5, no.
2, pp. 186-195, June 2020, doi: 10.1049/iet-cps.2019.0049.
[106] C. Yang, Z. Shi, H. Zhang, J. Wu and X. Shi, "Multiple Attacks
Detection in Cyber-Physical Systems Using Random Finite Set Theory," in
IEEE Transactions on Cybernetics, vol. 50, no. 9, pp. 4066-4075, Sept. 2020,
doi: 10.1109/TCYB.2019.2912939.
[107] B. Yang, L. Guo, F. Li, J. Ye and W. Song, "Vulnerability Assessments
of Electric Drive Systems Due to Sensor Data Integrity Attacks," in IEEE
Transactions on Industrial Informatics, vol. 16, no. 5, pp. 3301-3310, May
2020, doi: 10.1109/TII.2019.2948056.
[108] C. Bakker, A. Bhattacharya, S. Chatterjee and D. L. Vrabie, "Learning
and Information Manipulation: Repeated Hypergames for Cyber-Physical
Security," in IEEE Control Systems Letters, vol. 4, no. 2, pp. 295-300, April
2020, doi: 10.1109/LCSYS.2019.2925681.
[109] S. Kwon, H. Yoo and T. Shon, "IEEE 1815.1-Based Power System
Security With Bidirectional RNN-Based Network Anomalous Attack
Detection for Cyber-Physical System," in IEEE Access, vol. 8, pp. 77572-
77586, 2020, doi: 10.1109/ACCESS.2020.2989770.
[110] L. Cao, X. Jiang, Y. Zhao, S. Wang, D. You and X. Xu, "A Survey of
Network Attacks on Cyber-Physical Systems," in IEEE Access, vol. 8, pp.
44219-44227, 2020, doi: 10.1109/ACCESS.2020.2977423.
[111] U. Bodkhe, D. Mehta, S. Tanwar, P. Bhattacharya, P. K. Singh and W.
Hong, "A Survey on Decentralized Consensus Mechanisms for Cyber
Physical Systems," in IEEE Access, vol. 8, pp. 54371-54401, 2020, doi:
10.1109/ACCESS.2020.2981415.
[112] A. Ayad, H. Farag, A. Youssef and E. El-Saadany, "Cyberphysical
attacks on power distribution systems," in IET Cyber-Physical Systems:
Theory & Applications, vol. 5, no. 2, pp. 218-225, 6 2020, doi: 10.1049/iet-
cps.2019.0032.
[113] M. V. Chester and B. R. Allenby, "Perspective: The Cyber Frontier and
Infrastructure," in IEEE Access, vol. 8, pp. 28301-28310, 2020, doi:
10.1109/ACCESS.2020.2971960.
[114] D. Lin et al., "Elaborate Reliability Evaluation of Cyber Physical
Distribution Systems Considering Fault Location, Isolation and Supply
Restoration Process," in IEEE Access, vol. 8, pp. 128574-128590, 2020, doi:
10.1109/ACCESS.2020.3007477.
[115] Y. Qin, T. Xie, C. Xu, A. Astorga and J. Lu, "CoMID: Context-Based
Multiinvariant Detection for Monitoring Cyber-Physical Software," in IEEE
Transactions on Reliability, vol. 69, no. 1, pp. 106-123, March 2020, doi:
10.1109/TR.2019.2933324.
[116] H. Li et al., "Pinning-Based Switching Control of Cyber-Physical
Supercapacitor Energy Storage Systems," in IEEE Transactions on Control
Systems Technology, vol. 28, no. 4, pp. 1520-1533, July 2020, doi:
10.1109/TCST.2019.2916039.
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/ACCESS.2021.3063229, IEEE Access
[117] Z. Zhang, S. Huang, F. Liu and S. Mei, "Pattern Analysis of
Topological Attacks in Cyber-Physical Power Systems Considering
Cascading Outages," in IEEE Access, vol. 8, pp. 134257-134267, 2020, doi:
10.1109/ACCESS.2020.3006555.
[118] Y. Pang, H. Xia and M. J. Grimble, "Resilient Nonlinear Control for
Attacked Cyber-Physical Systems," in IEEE Transactions on Systems, Man,
and Cybernetics: Systems, vol. 50, no. 6, pp. 2129-2138, June 2020, doi:
10.1109/TSMC.2018.2801868.
[119] Y. Ni, Z. Guo, Y. Mo and L. Shi, "On the Performance Analysis of
Reset Attack in Cyber-Physical Systems," in IEEE Transactions on Automatic
Control, vol. 65, no. 1, pp. 419-425, Jan. 2020, doi:
10.1109/TAC.2019.2914655.
[120] A. Munir and F. Koushanfar, "Design and Analysis of Secure and
Dependable Automotive CPS: A Steer-by-Wire Case Study," in IEEE
Transactions on Dependable and Secure Computing, vol. 17, no. 4, pp. 813-
827, 1 July-Aug. 2020, doi: 10.1109/TDSC.2018.2846741.
[121] L. Chen, D. Yue, C. Dou, J. Chen and Z. Cheng, "Study on attack paths
of cyber attack in cyber-physical power systems," in IET Generation,
Transmission & Distribution, vol. 14, no. 12, pp. 2352-2360, 19 6 2020, doi:
10.1049/iet-gtd.2019.1330.
[122] Y. Wang, M. M. Amin, J. Fu and H. B. Moussa, "A Novel Data
Analytical Approach for False Data Injection Cyber-Physical Attack
Mitigation in Smart Grids," in IEEE Access, vol. 5, pp. 26022-26033, 2017,
doi: 10.1109/ACCESS.2017.2769099.
[123] P. A. Oyewole and D. Jayaweera, "Power System Security With Cyber-
Physical Power System Operation," in IEEE Access, vol. 8, pp. 179970-
179982, 2020, doi: 10.1109/ACCESS.2020.3028222.
[124] A. Kanellopoulos and K. G. Vamvoudakis, "A Moving Target Defense
Control Framework for Cyber-Physical Systems," in IEEE Transactions on
Automatic Control, vol. 65, no. 3, pp. 1029-1043, March 2020, doi:
10.1109/TAC.2019.2915746.
[125] M. Keshk, B. Turnbull, N. Moustafa, D. Vatsalan and K. R. Choo, "A
Privacy-Preserving-Framework-Based Blockchain and Deep Learning for
Protecting Smart Power Networks," in IEEE Transactions on Industrial
Informatics, vol. 16, no. 8, pp. 5110-5118, Aug. 2020, doi:
10.1109/TII.2019.2957140.
[126] Z. Cao, Y. Niu and J. Song, "Finite-Time Sliding-Mode Control of
Markovian Jump Cyber-Physical Systems Against Randomly Occurring
Injection Attacks," in IEEE Transactions on Automatic Control, vol. 65, no. 3,
pp. 1264-1271, March 2020, doi: 10.1109/TAC.2019.2926156.
[127] T. Zhang and D. Ye, "Distributed Secure Control Against Denial-of-
Service Attacks in Cyber-Physical Systems Based on K-Connected
Communication Topology," in IEEE Transactions on Cybernetics, vol. 50, no.
7, pp. 3094-3103, July 2020, doi: 10.1109/TCYB.2020.2973303.
[128] X. Fu, G. Chen and D. Yang, "Local False Data Injection Attack Theory
Considering Isolation Physical-Protection in Power Systems," in IEEE Access,
vol. 8, pp. 103285-103290, 2020, doi: 10.1109/ACCESS.2020.2999585.
[129] H. Wang, H. Zhao, J. Zhang, D. Ma, J. Li and J. Wei, "Survey on
Unmanned Aerial Vehicle Networks: A Cyber Physical System Perspective,"
in IEEE Communications Surveys & Tutorials, vol. 22, no. 2, pp. 1027-1070,
Secondquarter 2020, doi: 10.1109/COMST.2019.2962207.
[130] Z. Ghaffar, S. Ahmed, K. Mahmood, S. H. Islam, M. M. Hassan and G.
Fortino, "An Improved Authentication Scheme for Remote Data Access and
Sharing Over Cloud Storage in Cyber-Physical-Social-Systems," in IEEE
Access, vol. 8, pp. 47144-47160, 2020, doi: 10.1109/ACCESS.2020.2977264.
[131] F. Shang, B. Wang, T. Li, J. Tian and K. Cao, "CPFuzz: Combining
Fuzzing and Falsification of Cyber-Physical Systems," in IEEE Access, vol. 8,
pp. 166951-166962, 2020, doi: 10.1109/ACCESS.2020.3023250.
[132] H. Karimipour and H. Leung, "Relaxation-based anomaly detection in
cyber-physical systems using ensemble kalman filter," in IET Cyber-Physical
Systems: Theory & Applications, vol. 5, no. 1, pp. 49-58, 3 2020, doi:
10.1049/iet-cps.2019.0031.
[133] J. Tian, R. Tan, X. Guan, Z. Xu and T. Liu, "Moving Target Defense
Approach to Detecting Stuxnet-Like Attacks," in IEEE Transactions on Smart
Grid, vol. 11, no. 1, pp. 291-300, Jan. 2020, doi: 10.1109/TSG.2019.2921245.
[134] A. A. Jahromi, A. Kemmeugne, D. Kundur and A. Haddadi, "Cyber-
Physical Attacks Targeting Communication-Assisted Protection Schemes," in
IEEE Transactions on Power Systems, vol. 35, no. 1, pp. 440-450, Jan. 2020,
doi: 10.1109/TPWRS.2019.2924441.
[135] F. Ahmad, F. Kurugollu, A. Adnane, R. Hussain and F. Hussain,
"MARINE: Man-in-the-Middle Attack Resistant Trust Model in Connected
Vehicles," in IEEE Internet of Things Journal, vol. 7, no. 4, pp. 3310-3322,
April 2020, doi: 10.1109/JIOT.2020.2967568.
[136] H. Pearce, S. Pinisetty, P. S. Roop, M. M. Y. Kuo and A. Ukil, "Smart
I/O Modules for Mitigating Cyber-Physical Attacks on Industrial Control
Systems," in IEEE Transactions on Industrial Informatics, vol. 16, no. 7, pp.
4659-4669, July 2020, doi: 10.1109/TII.2019.2945520.
[137] A. Al-Abassi, H. Karimipour, A. Dehghantanha and R. M. Parizi, "An
Ensemble Deep Learning-Based Cyber-Attack Detection in Industrial Control
System," in IEEE Access, vol. 8, pp. 83965-83973, 2020, doi:
10.1109/ACCESS.2020.2992249.
[138] M. U. Hassan, M. H. Rehmani and J. Chen, "Differential Privacy
Techniques for Cyber Physical Systems: A Survey," in IEEE Communications
Surveys & Tutorials, vol. 22, no. 1, pp. 746-789, Firstquarter 2020, doi:
10.1109/COMST.2019.2944748.
[139] H. Cui, F. Li and K. Tomsovic, "Cyber-physical system testbed for
power system monitoring and wide-area control verification," in IET Energy
Systems Integration, vol. 2, no. 1, pp. 32-39, 3 2020, doi: 10.1049/iet-
esi.2019.0084.
[140] Y. Zhu and W. X. Zheng, "Observer-Based Control for Cyber-Physical
Systems With Periodic DoS Attacks via a Cyclic Switching Strategy," in
IEEE Transactions on Automatic Control, vol. 65, no. 8, pp. 3714-3721, Aug.
2020, doi: 10.1109/TAC.2019.2953210.
[141] Y. Wu, H. Xu and M. Ni, "Defensive Resource Allocation Method for
Improving Survivability of Communication and Information System in CPPS
Against Cyber-attacks," in Journal of Modern Power Systems and Clean
Energy, vol. 8, no. 4, pp. 750-759, July 2020, doi:
10.35833/MPCE.2019.000148.
[142] Q. Zhang, K. Liu, Y. Xia and A. Ma, "Optimal Stealthy Deception
Attack Against Cyber-Physical Systems," in IEEE Transactions on
Cybernetics, vol. 50, no. 9, pp. 3963-3972, Sept. 2020, doi:
10.1109/TCYB.2019.2912622.
[143] S. Zhao, J. Liu, Y. Shen, X. Jiang and N. Shiratori, "Secure
Beamforming for Full-Duplex MIMO Two-Way Untrusted Relay Systems,"
in IEEE Transactions on Information Forensics and Security, vol. 15, pp.
3775-3790, 2020, doi: 10.1109/TIFS.2020.3001733.
[144] X. Luo, Y. Li, X. Wang and X. Guan, "Interval Observer-based
Detection and Localization against False Data Injection Attack in Smart
Grids," in IEEE Internet of Things Journal, doi: 10.1109/JIOT.2020.3005926.
[145] L. Zhao, M. Ni, H. Tong and Y. Li, "Design and application of
distributed co-simulation platform for cyber physical power system based on
the concepts of software bus and middleware," in IET Cyber-Physical
Systems: Theory & Applications, vol. 5, no. 1, pp. 71-79, 3 2020, doi:
10.1049/iet-cps.2018.5084.
[146] A. K. Sikder, H. Aksu and A. S. Uluagac, "A Context-Aware
Framework for Detecting Sensor-Based Threats on Smart Devices," in IEEE
Transactions on Mobile Computing, vol. 19, no. 2, pp. 245-261, 1 Feb. 2020,
doi: 10.1109/TMC.2019.2893253.
[147] Z. Zhao, Y. Li, Y. Yang, L. Li, Y. Xu and J. Zhou, "Sparse
Undetectable Sensor Attacks Against Cyber-Physical Systems: A Subspace
Approach," in IEEE Transactions on Circuits and Systems II: Express Briefs,
vol. 67, no. 11, pp. 2517-2521, Nov. 2020, doi: 10.1109/TCSII.2019.2953238.
[148] Y. Wu et al., "False Load Attack to Smart Meters by Synchronously
Switching Power Circuits," in IEEE Transactions on Smart Grid, vol. 10, no.
3, pp. 2641-2649, May 2019, doi: 10.1109/TSG.2018.2806896.
[149] X. Xia, Y. Xiao and W. Liang, "ABSI: An Adaptive Binary Splitting
Algorithm for Malicious Meter Inspection in Smart Grid," in IEEE
Transactions on Information Forensics and Security, vol. 14, no. 2, pp. 445-
458, Feb. 2019, doi: 10.1109/TIFS.2018.2854703.
[150] E. Drayer and T. Routtenberg, "Detection of False Data Injection
Attacks in Smart Grids Based on Graph Signal Processing," in IEEE Systems
Journal, vol. 14, no. 2, pp. 1886-1896, June 2020, doi:
10.1109/JSYST.2019.2927469.
[151] C. Li, Z. Qin, E. Novak and Q. Li, "Securing SDN Infrastructure of
IoTFog Networks From MitM Attacks," in IEEE Internet of Things Journal,
vol. 4, no. 5, pp. 1156-1164, Oct. 2017, doi: 10.1109/JIOT.2017.2685596.
[152] S. Ohira, A. K. Desta, I. Arai, H. Inoue and K. Fujikawa, "Normal and
Malicious Sliding Windows Similarity Analysis Method for Fast and
Accurate IDS Against DoS Attacks on In-Vehicle Networks," in IEEE Access,
vol. 8, pp. 42422-42435, 2020, doi: 10.1109/ACCESS.2020.2975893.
[153] T. Nguyen, S. Wang, M. Alhazmi, M. Nazemi, A. Estebsari and P.
Dehghanian, "Electric Power Grid Resilience to Cyber Adversaries: State of
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/ACCESS.2021.3063229, IEEE Access
the Art," in IEEE Access, vol. 8, pp. 87592-87608, 2020, doi:
10.1109/ACCESS.2020.2993233.
[154] L. An and G. Yang, "Opacity Enforcement for Confidential Robust
Control in Linear Cyber-Physical Systems," in IEEE Transactions on
Automatic Control, vol. 65, no. 3, pp. 1234-1241, March 2020, doi:
10.1109/TAC.2019.2925498.
[155] A. Sturaro, S. Silvestri, M. Conti and S. K. Das, "A Realistic Model for
Failure Propagation in Interdependent Cyber-Physical Systems," in IEEE
Transactions on Network Science and Engineering, vol. 7, no. 2, pp. 817-831,
1 April-June 2020, doi: 10.1109/TNSE.2018.2872034.
[156] M. R. Camana Acosta, S. Ahmed, C. E. Garcia and I. Koo, "Extremely
Randomized Trees-Based Scheme for Stealthy Cyber-Attack Detection in
Smart Grid Networks," in IEEE Access, vol. 8, pp. 19921-19933, 2020, doi:
10.1109/ACCESS.2020.2968934.
[157] J. Zhang, G. Li, A. Marshall, A. Hu and L. Hanzo, "A New Frontier for
IoT Security Emerging From Three Decades of Key Generation Relying on
Wireless Channels," in IEEE Access, vol. 8, pp. 138406-138446, 2020, doi:
10.1109/ACCESS.2020.3012006.
[158] A. J. M. Milne, A. Beckmann and P. Kumar, "Cyber-Physical Trust
Systems Driven by Blockchain," in IEEE Access, vol. 8, pp. 66423-66437,
2020, doi: 10.1109/ACCESS.2020.2984675.
[159] R. Lu, H. Shen, Z. Feng, H. Li, W. Zhao and X. Li, "HTDet: A
clustering method using information entropy for hardware Trojan detection,"
in Tsinghua Science and Technology, vol. 26, no. 1, pp. 48-61, Feb. 2021, doi:
10.26599/TST.2019.9010047.
[160] J. Chen, M. Liu, T. O'Donnell and F. Milano, "Impact of Current
Transients on the Synchronization Stability Assessment of Grid-Feeding
Converters," in IEEE Transactions on Power Systems, vol. 35, no. 5, pp.
4131-4134, Sept. 2020, doi: 10.1109/TPWRS.2020.3009858.
[161] J. Fang, J. Yu, Y. Zhang and S. M. Goetz, "An Estimation-Based
Solution to Weak-Grid-Induced Small-Signal Stability Problems of Power
Converters," in IEEE Journal of Emerging and Selected Topics in Power
Electronics, doi: 10.1109/JESTPE.2020.3030720.
[162] J. Milošević, H. Sandberg and K. H. Johansson, "Estimating the Impact
of Cyber-Attack Strategies for Stochastic Networked Control Systems," in
IEEE Transactions on Control of Network Systems, vol. 7, no. 2, pp. 747-757,
June 2020, doi: 10.1109/TCNS.2019.2940253.
[163] S. M. S. Hussain, T. S. Ustun and A. Kalam, "A Review of IEC 62351
Security Mechanisms for IEC 61850 Message Exchanges," in IEEE
Transactions on Industrial Informatics, vol. 16, no. 9, pp. 5643-5654, Sept.
2020, doi: 10.1109/TII.2019.2956734.
[164] D. Ye and T. Zhang, "Summation Detector for False Data-Injection
Attack in Cyber-Physical Systems," in IEEE Transactions on Cybernetics,
vol. 50, no. 6, pp. 2338-2345, June 2020, doi: 10.1109/TCYB.2019.2915124.
[165] D. Sun, Q. Zhang, D. Wei and M. Zhang, "A Secure Constellation
Design for Polarized Modulation in Wireless Communications," in IEEE
Access, vol. 8, pp. 130588-130597, 2020, doi:
10.1109/ACCESS.2020.3006833.
[166] S. Gao, Z. Peng, B. Xiao, A. Hu, Y. Song and K. Ren, "Detection and
Mitigation of DoS Attacks in Software Defined Networks," in IEEE/ACM
Transactions on Networking, vol. 28, no. 3, pp. 1419-1433, June 2020, doi:
10.1109/TNET.2020.2983976.
[167] R. Gupta, S. Tanwar, F. Al-Turjman, P. Italiya, A. Nauman and S. W.
Kim, "Smart Contract Privacy Protection Using AI in Cyber-Physical
Systems: Tools, Techniques and Challenges," in IEEE Access, vol. 8, pp.
24746-24772, 2020, doi: 10.1109/ACCESS.2020.2970576.
[168] M. Gupta, M. Abdelsalam, S. Khorsandroo and S. Mittal, "Security and
Privacy in Smart Farming: Challenges and Opportunities," in IEEE Access,
vol. 8, pp. 34564-34584, 2020, doi: 10.1109/ACCESS.2020.2975142.
[169] H. W. Lim, G. S. Poh, J. Xu and V. Chittawar, "$\mathsf{PrivateLink}$
: Privacy-Preserving Integration and Sharing of Datasets," in IEEE
Transactions on Information Forensics and Security, vol. 15, pp. 564-577,
2020, doi: 10.1109/TIFS.2019.2924201.
[170] S. Wang et al., "A Fast CP-ABE System for Cyber-Physical Security
and Privacy in Mobile Healthcare Network," in IEEE Transactions on
Industry Applications, vol. 56, no. 4, pp. 4467-4477, July-Aug. 2020, doi:
10.1109/TIA.2020.2969868.
[171] X. Yang et al., “A novel en-route filtering scheme against false data
injection attacks in cyber-physical networked systems,” IEEE Trans. Comput.,
vol. 64, no. 1, pp. 418, Jan. 2015.
[172] F. Andrén, R. Bründlinger and T. Strasser, "IEC 61850/61499 Control
of Distributed Energy Resources: Concept, Guidelines, and Implementation,"
in IEEE Transactions on Energy Conversion, vol. 29, no. 4, pp. 1008-1017,
Dec. 2014, doi: 10.1109/TEC.2014.2352338.
[173] M. Weiss, Y. Li-Baboud, D. Anand, P. Boynton, K. G. Brady and M.
Burns, "A Calibration of Timing Accuracy in NIST Cyber-Physical Systems
Testbed," 2018 IEEE International Symposium on Precision Clock
Synchronization for Measurement, Control, and Communication (ISPCS),
Geneva, 2018, pp. 1-6, doi: 10.1109/ISPCS.2018.8543081.
[174] I. Dutt, S. Borah and I. K. Maitra, "Immune System Based Intrusion
Detection System (IS-IDS): A Proposed Model," in IEEE Access, vol. 8, pp.
34929-34941, 2020, doi: 10.1109/ACCESS.2020.2973608.
[175] G. Pu, L. Wang, J. Shen and F. Dong, "A hybrid unsupervised
clustering-based anomaly detection method," in Tsinghua Science and
Technology, vol. 26, no. 2, pp. 146-153, April 2021, doi:
10.26599/TST.2019.9010051.
[176] H. Hindy et al., "A Taxonomy of Network Threats and the Effect of
Current Datasets on Intrusion Detection Systems," in IEEE Access, vol. 8, pp.
104650-104675, 2020, doi: 10.1109/ACCESS.2020.3000179.
[177] F. M. Cleveland, "Cyber security issues for Advanced Metering
Infrasttructure (AMI)," 2008 IEEE Power and Energy Society General
Meeting - Conversion and Delivery of Electrical Energy in the 21st Century,
Pittsburgh, PA, 2008, pp. 1-5, doi: 10.1109/PES.2008.4596535.
[178] Y. Peng et al., "Self-Layer and Cross-Layer Bilinear Aggregation for
Fine-Grained Recognition in Cyber-Physical-Social Systems," in IEEE
Access, vol. 8, pp. 55826-55833, 2020, doi: 10.1109/ACCESS.2020.2981950.
[179] M. Eskandari, Z. H. Janjua, M. Vecchio and F. Antonelli, "Passban IDS:
An Intelligent Anomaly-Based Intrusion Detection System for IoT Edge
Devices," in IEEE Internet of Things Journal, vol. 7, no. 8, pp. 6882-6897,
Aug. 2020, doi: 10.1109/JIOT.2020.2970501.
[180] T. Dimitriou and G. O. Karame, "Enabling Anonymous Authorization
and Rewarding in the Smart Grid," in IEEE Transactions on Dependable and
Secure Computing, vol. 14, no. 5, pp. 565-572, 1 Sept.-Oct. 2017, doi:
10.1109/TDSC.2015.2496211.
[181] P. S. P. Pessim and M. J. Lacerda, "State-Feedback Control for Cyber-
Physical LPV Systems Under DoS Attacks," in IEEE Control Systems Letters,
vol. 5, no. 3, pp. 1043-1048, July 2021, doi: 10.1109/LCSYS.2020.3009176.
[182] B. Moussa, M. Kassouf, R. Hadjidj, M. Debbabi and C. Assi, "An
Extension to the Precision Time Protocol (PTP) to Enable the Detection of
Cyber Attacks," in IEEE Transactions on Industrial Informatics, vol. 16, no.
1, pp. 18-27, Jan. 2020, doi: 10.1109/TII.2019.2943913.
[183] A. S. Sani, D. Yuan, W. Bao and Z. Y. Dong, "A Universally
Composable Key Exchange Protocol for Advanced Metering Infrastructure in
the Energy Internet," in IEEE Transactions on Industrial Informatics, vol. 17,
no. 1, pp. 534-546, Jan. 2021, doi: 10.1109/TII.2020.2971707.
[184] K. G. Lore, D. M. Shila and L. Ren, "Detecting Data Integrity Attacks
on Correlated Solar Farms Using Multi-layer Data Driven Algorithm," 2018
IEEE Conference on Communications and Network Security (CNS), Beijing,
2018, pp. 1-9, doi: 10.1109/CNS.2018.8433159.
[185] M. N. I. Sarkar, L. G. Meegahapola and M. Datta, "Reactive Power
Management in Renewable Rich Power Grids: A Review of Grid-Codes,
Renewable Generators, Support Devices, Control Strategies and Optimization
Algorithms," in IEEE Access, vol. 6, pp. 41458-41489, 2018, doi:
10.1109/ACCESS.2018.2838563.
[186] M. Aibin, "The Weather Impact on Heating and Air Conditioning With
Smart Thermostats," in Canadian Journal of Electrical and Computer
Engineering, vol. 43, no. 3, pp. 190-194, Summer 2020, doi:
10.1109/CJECE.2020.2978459.
[187] A. Rasool et al., "Enhanced control strategies of VSG for EV charging
station under a low inertia microgrid," in IET Power Electronics, vol. 13, no.
13, pp. 2895-2904, 14 10 2020, doi: 10.1049/iet-pel.2019.1592.
[188] X. Wu, Y. Xu, J. He, X. Wang, J. C. Vasquez and J. M. Guerrero,
"Pinning-Based Hierarchical and Distributed Cooperative Control for AC
Microgrid Clusters," in IEEE Transactions on Power Electronics, vol. 35, no.
9, pp. 9865-9885, Sept. 2020, doi: 10.1109/TPEL.2020.2972321.
[189] S. Sengupta, A. Chowdhary, A. Sabur, A. Alshamrani, D. Huang and S.
Kambhampati, "A Survey of Moving Target Defenses for Network Security,"
in IEEE Communications Surveys & Tutorials, vol. 22, no. 3, pp. 1909-1941,
thirdquarter 2020, doi: 10.1109/COMST.2020.2982955.
[190] H. Hu, Y. Liu, C. Chen, H. Zhang and Y. Liu, "Optimal Decision
Making Approach for Cyber Security Defense Using Evolutionary Game," in
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/ACCESS.2021.3063229, IEEE Access
IEEE Transactions on Network and Service Management, vol. 17, no. 3, pp.
1683-1700, Sept. 2020, doi: 10.1109/TNSM.2020.2995713.
[191] A. Kanellopoulos and K. G. Vamvoudakis, "A Moving Target Defense
Control Framework for Cyber-Physical Systems," in IEEE Transactions on
Automatic Control, vol. 65, no. 3, pp. 1029-1043, March 2020, doi:
10.1109/TAC.2019.2915746.
[192] M. S. Rahman, M. A. Mahmud, A. M. T. Oo and H. R. Pota, "Multi-
Agent Approach for Enhancing Security of Protection Schemes in Cyber-
Physical Energy Systems," in IEEE Transactions on Industrial Informatics,
vol. 13, no. 2, pp. 436-447, April 2017, doi: 10.1109/TII.2016.2612645.
[193] R. Moslemi, A. Mesbahi and J. M. Velni, "A Fast, Decentralized
Covariance Selection-Based Approach to Detect Cyber Attacks in Smart
Grids," in IEEE Transactions on Smart Grid, vol. 9, no. 5, pp. 4930-4941,
Sept. 2018, doi: 10.1109/TSG.2017.2675960.
[194] M. N. Kurt, O. Ogundijo, C. Li and X. Wang, "Online Cyber-Attack
Detection in Smart Grid: A Reinforcement Learning Approach," in IEEE
Transactions on Smart Grid, vol. 10, no. 5, pp. 5174-5185, Sept. 2019, doi:
10.1109/TSG.2018.2878570.
[195] H. Karimipour, A. Dehghantanha, R. M. Parizi, K. R. Choo and H.
Leung, "A Deep and Scalable Unsupervised Machine Learning System for
Cyber-Attack Detection in Large-Scale Smart Grids," in IEEE Access, vol. 7,
pp. 80778-80788, 2019, doi: 10.1109/ACCESS.2019.2920326.
[196] F. Hussain, R. Hussain, S. A. Hassan and E. Hossain, "Machine
Learning in IoT Security: Current Solutions and Future Challenges," in IEEE
Communications Surveys & Tutorials, vol. 22, no. 3, pp. 1686-1721,
thirdquarter 2020, doi: 10.1109/COMST.2020.2986444.
[197] G. Ravikumar and M. Govindarasu, "Anomaly Detection and Mitigation
for Wide-Area Damping Control using Machine Learning," in IEEE
Transactions on Smart Grid, doi: 10.1109/TSG.2020.2995313.
[198] H. Wang et al., "Deep Learning-Based Interval State Estimation of AC
Smart Grids Against Sparse Cyber Attacks," in IEEE Transactions on
Industrial Informatics, vol. 14, no. 11, pp. 4766-4778, Nov. 2018, doi:
10.1109/TII.2018.2804669.
[199] M. Dehghani, A. Kavousi-Fard, M. Dabbaghjamanesh and O.
Avatefipour, "Deep learning based method for false data injection attack
detection in AC smart islands," in IET Generation, Transmission &
Distribution, vol. 14, no. 24, pp. 5756-5765, 18 12 2020, doi: 10.1049/iet-
gtd.2020.0391.
[200] S. Ahmed, Y. Lee, S. Hyun and I. Koo, "Unsupervised Machine
Learning-Based Detection of Covert Data Integrity Assault in Smart Grid
Networks Utilizing Isolation Forest," in IEEE Transactions on Information
Forensics and Security, vol. 14, no. 10, pp. 2765-2777, Oct. 2019, doi:
10.1109/TIFS.2019.2902822.
[201] Z. Wang, Y. Chen, F. Liu, Y. Xia and X. Zhang, "Power System
Security Under False Data Injection Attacks With Exploitation and
Exploration Based on Reinforcement Learning," in IEEE Access, vol. 6, pp.
48785-48796, 2018, doi: 10.1109/ACCESS.2018.2856520.
[202] F. Wei, Z. Wan and H. He, "Cyber-Attack Recovery Strategy for Smart
Grid Based on Deep Reinforcement Learning," in IEEE Transactions on
Smart Grid, vol. 11, no. 3, pp. 2476-2486, May 2020, doi:
10.1109/TSG.2019.2956161.
[203] Z. Wang, H. He, Z. Wan and Y. Sun, "Coordinated Topology Attacks in
Smart Grid Using Deep Reinforcement Learning," in IEEE Transactions on
Industrial Informatics, vol. 17, no. 2, pp. 1407-1415, Feb. 2021, doi:
10.1109/TII.2020.2994977.
[204] M. I. Oozeer and S. Haykin, "Cognitive Dynamic System for Control
and Cyber-Attack Detection in Smart Grid," in IEEE Access, vol. 7, pp.
78320-78335, 2019, doi: 10.1109/ACCESS.2019.2922410.
[205] M. I. Oozeer and S. Haykin, "Cognitive Risk Control for Mitigating
Cyber-Attack in Smart Grid," in IEEE Access, vol. 7, pp. 125806-125826,
2019, doi: 10.1109/ACCESS.2019.2939089.
[206] W. Iqbal, H. Abbas, M. Daneshmand, B. Rauf and Y. A. Bangash, "An
In-Depth Analysis of IoT Security Requirements, Challenges, and Their
Countermeasures via Software-Defined Security," in IEEE Internet of Things
Journal, vol. 7, no. 10, pp. 10250-10276, Oct. 2020, doi:
10.1109/JIOT.2020.2997651.
[207] B. Jiang, J. Yang, G. Ding and H. Wang, "Cyber-Physical Security
Design in Multimedia Data Cache Resource Allocation for Industrial
Networks," in IEEE Transactions on Industrial Informatics, vol. 15, no. 12,
pp. 6472-6480, Dec. 2019, doi: 10.1109/TII.2019.2917693.
[208] S. Rafi, W. Yu, M. A. Akbar, A. Alsanad and A. Gumaei,
"Prioritization Based Taxonomy of DevOps Security Challenges Using
PROMETHEE," in IEEE Access, vol. 8, pp. 105426-105446, 2020, doi:
10.1109/ACCESS.2020.2998819.
[209] J. Hamilton, "Cyber Security: Advice from the Front Line," in ITNOW,
vol. 62, no. 1, pp. 38-39, March 2020, doi: 10.1093/itnow/bwaa017.
[210] S. Y. Enoch, Z. Huang, C. Y. Moon, D. Lee, M. K. Ahn and D. S. Kim,
"HARMer: Cyber-Attacks Automation and Evaluation," in IEEE Access, vol.
8, pp. 129397-129414, 2020, doi: 10.1109/ACCESS.2020.3009748.
[211] H. Chen, Q. Han, S. Jajodia, R. Lindelauf, V. S. Subrahmanian and Y.
Xiong, "Disclose or Exploit? A Game-Theoretic Approach to Strategic
Decision Making in Cyber-Warfare," in IEEE Systems Journal, vol. 14, no. 3,
pp. 3779-3790, Sept. 2020, doi: 10.1109/JSYST.2020.2964985.
[212] C. Miranda, G. Kaddoum, E. Bou-Harb, S. Garg and K. Kaur, "A
Collaborative Security Framework for Software-Defined Wireless Sensor
Networks," in IEEE Transactions on Information Forensics and Security, vol.
15, pp. 2602-2615, 2020, doi: 10.1109/TIFS.2020.2973875.
[213] M. M. Rana and R. Bo, "IoT-based cyber-physical communication
architecture: challenges and research directions," in IET Cyber-Physical
Systems: Theory & Applications, vol. 5, no. 1, pp. 25-30, 3 2020, doi:
10.1049/iet-cps.2019.0028.
[214] M. I. Ali et al., "Security Challenges and Cyber Forensic Ecosystem in
IoT Driven BYOD Environment," in IEEE Access, vol. 8, pp. 172770-172782,
2020, doi: 10.1109/ACCESS.2020.3024784.
[215] M. Zhan, J. Wu, H. Wen and P. Zhang, "A Novel Error Correction
Mechanism for Energy-Efficient Cyber-Physical Systems in Smart Building,"
in IEEE Access, vol. 6, pp. 39037-39045, 2018, doi:
10.1109/ACCESS.2018.2854794.
[216] D. Ye, T. Zhu, S. Shen and W. Zhou, "A Differentially Private Game
Theoretic Approach for Deceiving Cyber Adversaries," in IEEE Transactions
on Information Forensics and Security, vol. 16, pp. 569-584, 2021, doi:
10.1109/TIFS.2020.3016842.
[217] W. Gao, W. Yu, F. Liang, W. G. Hatcher and C. Lu, "Privacy-
Preserving Auction for Big Data Trading Using Homomorphic Encryption,"
in IEEE Transactions on Network Science and Engineering, vol. 7, no. 2, pp.
776-791, 1 April-June 2020, doi: 10.1109/TNSE.2018.2846736.
[218] L. Chen, D. Yue, C. Dou, J. Chen and Z. Cheng, "Evaluation of cyber-
physical power systems in cascading failure: node vulnerability and systems
connectivity," in IET Generation, Transmission & Distribution, vol. 14, no. 7,
pp. 1197-1206, 14 4 2020, doi: 10.1049/iet-gtd.2019.1286.
MAHMOUD AMIN (Senior Member, IEEE) received his Ph.D. degree in Electrical Engineering from Florida International University, Miami, FL, USA, in 2012. He is currently an Associate Professor in the ECE Department at Manhattan College, New York, USA, a Courtesy Research Associate Professor at Florida International University, and a Researcher with the Electronics Research Institute. His research interests include applications of power electronics in renewable energy systems, microgrids, adjustable speed drives, and the smart grid. He has one edited book, one book chapter, and over 60 articles in professional journals and refereed international conference proceedings. He is the Director of the Sustainable Energy Systems Lab at Manhattan College. He is an Editor of Machines (MDPI), a Guest Editor for IEEE Transactions on Energy Conversion and IEEE Transactions on Magnetics, and the recipient of the IEEE PES GM 2010 paper contest award, the main award in Typhoon HIL's 10 for 10 Program, the 7x24 University Challenge Award, the Intel FPGA University Program Grant Award, and the Grand Challenge $2M Grant.
FAYEZ F. M. EL-SOUSY (Member, IEEE) received the B.Sc. degree in electrical engineering from Menoufia University, Al Minufya, Egypt, in 1988, and the M.Sc. and Ph.D. degrees in electrical engineering from Cairo University, Giza, Egypt, in 1994 and 2000, respectively. Since 1990, he has been with the Department of Power Electronics and Energy Conversion, Electronics Research Institute, Giza, Egypt, where he is currently a Full Professor. From August 1995 to June 2003, he was with the Department of Electrical Engineering, October Six University, Giza, Egypt.
From April 2004 to February 2007, he was a Post-Doctoral Visiting Researcher at the Graduate School of Information Science and Electrical Engineering, Kyushu University, Fukuoka, Japan. From 2007 to 2010, he was with the Department of Electrical Engineering, College of Engineering, King Saud University, Riyadh, Saudi Arabia. From 2010 to 2014, he was with the Department of Electrical Engineering, College of Engineering, Salman bin Abdulaziz University, Al-Kharj, Saudi Arabia. Since 2014, he has been with the Department of Electrical Engineering, College of Engineering, Prince Sattam bin Abdulaziz University, Saudi Arabia. His research interests are in the areas of modeling and control of motor drives, motion-control systems, wind energy systems, digital signal processing-based computer control systems, computational intelligence for power electronics and electric drives, intelligent control theories including fuzzy logic, neural networks, and wavelets, nonlinear control and optimal control, and robust control. He is currently interested in the intelligent control of maglev vehicle transportation systems.
GHADA A. ABDEL AZIZ (Member, IEEE) received the B.Sc. and M.Sc. degrees in Electrical Engineering, both from Minofiya University, Egypt, in 2006 and 2009, respectively, and the Ph.D. degree in Electrical Engineering from Cairo University, Egypt, in 2015. From 2006 to 2008, she was a Teaching Assistant with several academic institutions in Egypt. In 2009, she joined the Electronics Research Institute in Egypt as a Research Assistant, and since 2015 she has been a Researcher there. She was named best researcher at the Electronics Research Institute for her IEEE publications in 2018 and 2019. She has over 35 published papers in professional journals and refereed international conference proceedings. Her current research interests include control of electrical machines, electrical machine drives, fault-tolerant control, fault-tolerant design of electric machines, power electronics in renewable energy systems, and smart grid security. She is an Associate Editor of the Journal of Electrical Systems and Information Technology.
KHALED GABER received the B.Sc. and M.Sc.
degrees in electronics and communications
engineering, both from the Arab Academy for Science,
Technology and Maritime Transport (AASTMT),
Egypt, in 2005 and 2011, respectively, and the Ph.D.
degree in electronics and communications
engineering from Al-Azhar University, Cairo, Egypt, in
2020. He participates in several academic research
activities at the National Research Center (NRC) and the
Electronics Research Institute (ERI), Cairo, Egypt.
In 2005, he started his career in different sectors of the telecom industry. He
holds several certificates in project and program management, including
PRINCE2 Agile® Foundation & Practitioner, Synergy® V.6 Foundation &
Practitioner, ITIL V4® and Certified Scrum Master®. He is currently a
Project Director and International B2GaaS Program Manager at one of the
leading multinational telecom firms. His current research interests include
MEMS sensors, attitude determination in small satellites, cyber security, and
control of electronic and communication systems.
OSAMA MOHAMMED (Life Fellow, IEEE) is a
Distinguished Professor of Electrical Engineering and
the Associate Dean of Research at the College of
Engineering and Computing, Florida International
University, Miami, Florida, USA. He is the director of
the Energy Systems Research Laboratory at FIU. His
research interests include computational
electromagnetics, design optimization of EM devices,
physics-based modeling in electric drives, and power
electronic systems. His research also involves diagnostics through EM
signatures, EMI, energy cyber-physical systems, and smart grid
communications. He has recently been involved in utilizing wide-bandgap devices
and packaging designs for improved power densities and thermal management
for transportation electrification and renewable energy and storage
applications. He has more than 16 patents awarded or filed and has published
more than 800 articles in refereed journals and other IEEE refereed
international conference records. He is a Fellow of IEEE and an elected Fellow
of the Applied Computational Electromagnetic Society. He received the IEEE
PES Cyril Veinott Electromechanical Energy Conversion Award, the 2012
Outstanding Research Award from Florida International University, and the 2017
Outstanding Doctoral Mentor award. He was named Distinguished Professor at FIU in
2018. Professor Mohammed has served or is currently serving as the
International Steering Committee Chair for the IEEE IEMDC, the IEEE
CEFC, ACES, and COMPUMAG. Professor Mohammed also served as
General Chair for more than ten major international conferences and was the
President of the Applied Computational Electromagnetic Society (ACES).
... The mobile workstation is connected to this port and, with the installed monitoring tools, it monitors the traffic exchanged between the PED and the monitoring center. Additional work by other authors can be reviewed in [32][33][34][35][36][37][38][39][40][41][42][43][44][45][46][47][48]. As can be seen from the review, the use of Kali Linux [49] in the process of studying the network security level of PEDs has not been proposed. ...
Article
This work demonstrates the feasibility of using Kali Linux in the process of power electronic device research. The novelty in this work is the use of Kali Linux in the process of power electronic device research. This operating system is mainly used for the penetration testing of various communication devices but not for power electronic device research. The aim of this work is to study the level of network security (the type of security vulnerabilities that a power electronic device has) and whether the data exchange between the power electronic device and the monitoring and control center is secure. Additionally, penetration testing has been carried out. Kali Linux was used to implement these tasks. Penetration testing was performed to verify how the studied power electronic device reacted to various TCP DoS attacks—could it be accessed, was it blocked, etc. Kali Linux and some of the tools built into the operating system—Nmap, hping3, Wireshark, Burp Suite Community Edition—were used for this study. During the penetration tests, a characterization of the traffic being processed/generated by the studied power electronic device was carried out to evaluate and analyze what impact each TCP DoS attack had on the device’s performance. In order to conduct the study, an experimental setup was designed. This experimental network was not connected to other networks, so the cyber attacks were controlled and confined within the experimental network. The research carried out validated the use of Kali Linux for the study of power electronic devices. From the obtained results, it is found that the studied power electronic device provides a certain level of network security, but the data exchange is insecure.
... Focusing on a niche sector, Amin et al. explore cyber-physical threats within smart grids, discussing vulnerabilities and formulating mitigation strategies for power electronics systems integrated with renewable energy sources. Their targeted approach provides crucial insights into the unique security challenges of smart grids, proposing specific strategies to enhance resilience and prevent disruptions in these critical power systems [26]. Compared with the above surveys, this paper elucidates several typical attack methods and their impacts on CPSs, along with solutions encompassing state estimation, attack detection, and security control. ...
Article
Cyber–physical systems (CPSs), which combine computer science, control systems, and physical elements, have become essential in modern industrial and societal contexts. However, their extensive integration presents increasing security challenges, particularly due to recurring cyber attacks. Therefore, it is crucial to explore CPS security control. In this review, we systematically examine the prevalent cyber attacks affecting CPSs, such as denial of service, false data injection, and replay attacks, explaining their impacts on CPSs’ operation and integrity, as well as summarizing classic attack detection methods. Regarding CPSs’ security control approaches, we comprehensively outline protective strategies and technologies, including event-triggered control, switching control, predictive control, and optimal control. These approaches aim to effectively counter various cyber threats and strengthen CPSs’ security and resilience. Lastly, we anticipate future advancements in CPS security control, envisioning strategies to address emerging cyber risks and innovations in intelligent security control techniques.
... In [7], the authors have provided a comprehensive review on cyber-physical (CP) attacks, vulnerabilities and ways to mitigate the negative impact of these attacks on power electronic devices. They have done a review on the security of power electronic devices deployed in smart grids. ...
Article
The work presents the possibility to use Kali Linux in the process of power electronic devices research, which has not been applied before. Several of the built-in tools of Kali Linux have been used for the purpose of the research. Nmap has been used for vulnerability testing - scanning for open ports and finding out specific, well-known security vulnerabilities by using specific scripts. Wireshark and Burp Suite have been used to find out if the exchanged information is secure or not. hping3 has been used to scan for open ports and generating different TCP DoS attacks, thus studying what is the response of the power electronic device when it is subjected to different TCP DoS attacks – can it be accessed or not, has it experienced any performance violation, etc. Based on the results of this research, it can be argued that Kali Linux is applicable and can be used during the process of power electronic device research.
... Since the information flow in the traditional Petri net model is transparent, i.e., the information transfer path can be observed directly in the model. In some cases, this transparency may lead to the risk of leakage of secret information [8]- [12]. ...
Article
Opacity is an essential security indicator in archive systems. There exists a set of secret states and an external intruder who can observe the behavior of the system in the archive system. The intruder can steal private information by observing the behavior of the system. The system is said to be K -step opaque when the intruder cannot confirm whether the system has been in a secret state at any time, within the observation of K events. In the case where an intruder can never be sure whether the system has ever been in a secret state, the system is referred to be infinite-step opaque. To be realistic, we consider an archive system modeled as a bounded labeled Petri net, and propose an algorithm for constructing a modified state estimator to increase the security of the archive system. Our aim is to verify the two types of opacity of the system by the observer and the modified state estimator. Our new algorithm improves the security of the system so that an intruder cannot easily know whether the system is in a secret state or not, which also improves the previously-known results.
Article
In recent years, machine learning-based cyber intrusion detection methods have gained increasing popularity. The number and complexity of new attacks continue to rise; therefore, effective and intelligent solutions are necessary. Unsupervised machine learning techniques are particularly appealing to intrusion detection systems since they can detect known and unknown types of attacks as well as zero-day attacks. In the current paper, we present an unsupervised anomaly detection method, which combines Sub-Space Clustering (SSC) and One Class Support Vector Machine (OCSVM) to detect attacks without any prior knowledge. The proposed approach is evaluated using the well-known NSL-KDD dataset. The experimental results demonstrate that our method performs better than some of the existing techniques.
Article
The usage of Internet of Things (IoT)/ Bring Your Own Devices (BYOD) has grown up exponentially, as expected 50 Billion IoT devices will get connected by the end of 2020 in the world in smart city environment. Advancement of Human Driven Edge Computing (HEC) with 5th Generation Internet services also makes this more feasible. Use of IoT and increased demand of BYOD becomes one of the fundamental needs to increase the organization employee productivity and business agility. But it increased the significant risk of the cyber-attack which is leading a major reason for business disruption and becomes a leading question about how to get a cyber secured citizenship in the smart city environment as well as in the organization where BYOD is used in large numbers. In order to conduct forensic investigation post incident detection of malicious activities from IoT/BYOD end point is most challenging task. A strategic practical approach in this research is presented to detect malicious activities so that organization can adopt to protect the critical infrastructure and smart city critical infrastructure. In order to achieve the goal of detecting of malicious activities in BYOD environment, simulation performed in 3 phases. The 1st phase of the simulation performed while BYOD endpoint was outside the organization over the internet without VPN. The 2nd phase of the simulation was performed where BYOD endpoint was securely onboarded using a corporate wireless network with a secured onboarding process. The 3rd phase of the test done where IoT/BYOD was outside the organization with a VPN. A unique robust scalable model puts forward with significant result from this research and concluded for creating a cyber forensic ecosystem in IoT/BYOD environment to enable cyber secured citizenship in era of HEC with 5G and IoT.
Article
Coverage-guided grey-box fuzzing for computer systems has been explored for decades. However, existing techniques do not adequately explore the space of continuous behaviors in Cyber-Physical Systems (CPSs), which may miss safety-critical bugs. Optimization-guided falsification is promising to find violations of safety specifications, but not suitable for identifying traditional program bugs. This article presents a fuzzing process for finding safety violations at the development phase, which is guided by two quantities: a branch coverage metric to explore discrete program behaviors and a Linear Temporal Logic (LTL) robust satisfaction metric to identify undesirable continuous plant behaviors. We implement CPFuzz to demonstrate the utility of the idea and estimate its effectiveness on seven control system benchmarks. The results show up to a better performance in average time to find violations on all benchmarks than S-TaLiRo and six benchmarks than S3CAMX. Finally, we exploit CPFuzz to synthesize the sensor spoofing attack on a DC motor with fixed-point overflow vulnerability as a case study.
Article
Cyber-attacks on a cyber-physical power system could lead to significant data failure, false data injection and cascading failure of physical power system components. This paper proposes an advanced approach based on a ternary Markovian model of cyber-physical components interactions to capture the subsystem layers' interactions of the cyber-physical power system and to quantify the interdependency impacts on physical power system security. The approach models cyber-physical interactive operation based on interactions and characteristics of three subsystem layers of the system with the presence of random and unforeseen contingencies, load demand variations and then quantify the impacts with Monte Carlo simulation. The viability of the approach is investigated by simulating a set of scenarios, representing realistic physical power system operating conditions with the cyber network interactions. Findings justify the presence of cyber-attacks in a cyber-physical power system components operation could lead to severe insecurities. However, the impacts on physical power system security does not always correlate with the severity of cyber-attacks.
Article
As the worst-case interacting false data to the power system state estimation (SE), cyber data attacks can avoid being filtered out by most bad data detectors. In this study, coordinated attacks (unobservable attack and logic bomb attack) and coordinated defences (honeypot and weakening vision) are used to analyse attackers’ and defenders’ behaviours, respectively. To quantify the potential physical influences (attack-and-defence) benefits, the residual of the expected state is devised. Subsequently, a zero-sum stochastic game is utilised to model the interaction between the cyber-physical power system and the external attack-and-defence actions. This game is demonstrated to admit a Nash equilibrium and the minimax Q-learning algorithm is introduced to enable the two players to reach their equilibrium strategies while maximising their respective minimum rewards in a sequence of stages. Numerous simulations of the stochastic game model on the IEEE 14-bus system show that while resisting the isolated or coordinated attacks, the optimal coordinated defences are more effective than those of isolated attacks.
Article
Cyber-Physical System (CPS) is a new kind of digital technology that increases its attention across academia, government, and industry sectors and covers a wide range of applications like agriculture, energy, medical, transportation, etc. The traditional power systems with physical equipment as a core element are more integrated with information and communication technology, which evolves into the Cyber-Physical Power System (CPPS). The CPPS consists of a physical system tightly integrated with cyber systems (control, computing, and communication functions) and allows the two-way flows of electricity and information for enabling smart grid technologies. Even though the digital technologies monitoring and controlling the electric power grid more efficiently and reliably, the power grid is vulnerable to cybersecurity risk and involves the complex interdependency between cyber and physical systems. Analyzing and resolving the problems in CPPS needs the modelling methods and systematic investigation of a complex interaction between cyber and physical systems. The conventional way of modelling, simulation, and analysis involves the separation of physical domain and cyber domain, which is not suitable for the modern CPPS. Therefore, an integrated framework needed to analyze the practical scenario of the unification of physical and cyber systems. A comprehensive review of different modelling, simulation, and analysis methods and different types of cyber-attacks, cybersecurity measures for modern CPPS is explored in this paper. A review of different types of cyber-attack detection and mitigation control schemes for the practical power system is presented in this paper. The status of the research in CPPS around the world and a new path for recommendations and research directions for the researchers working in the CPPS are finally presented.
Article
Developing attack models is the first step to understand cyberattacks in smart grids and develop countermeasures. In this paper, a three-level nonlinear programming formulation is proposed for false data injection (FDI) cyberattacks that could result in multiple transmission line congestions without being detected by conventional bad data detection (BDD) algorithms. The model is then converted to a mixed integer linear programming (MILP) formulation to guarantee a global optimum exists. A detection framework based on recursive least-square estimation (RLSE) is developed that can successfully detect the stealthy FDIs. The developed model with the detection framework is validated through various case studies in IEEE 118-bus benchmark.
Article
The large-scale deployment of grid-tied power electronic converters in renewable generation, electric motor drives, and energy storage systems, speeds up the global energy transition. However, the stability problems faced by power converters in weak grids, which feature large and variable grid impedances, stand as a serious challenge that has puzzled the power electronic community for more than 15 years. Existing solutions to weak-grid-induced small-signal stability problems modify system and/or control parameters so that stable operation is achieved under a certain condition. However, such solutions are problem and application specific. Therefore, the solutions can hardly be generalized to various operating conditions or stability problems. As such, this paper proposes an estimation-based solution that targets multiple weak-grid-induced small-signal stability problems, particularly for converters with grid-supportive services. The essence of the proposed solution lies in the accurate estimation of real grid information rather than the point-of-common-coupling information. For implementation, Kalman filters serve as an estimator. Subsequently, the estimated information is used to design controllers, such as voltage droop, that allow for stable power conversion. Finally, simulation and experimental results validate the effectiveness and generality of the proposed solution.
Article
Recent cybersecurity incidents such as Stuxnet and Irongate alert us to the threats faced by critical cyber-physical systems. These attacks compromise the control signals to push the system to unsafe regions and meanwhile, inject fake sensor measurements to cover the ongoing attack. Detecting these Stuxnet-like (SL) attacks still remains an open research issue. This paper analyzes the taxonomy, construction, and implication of SL attacks in CPS control loops. We propose to apply the moving target defense (MTD) approach that actively changes the system configuration to detect SL attacks, since these attacks are generally constructed based on the knowledge about the system's configuration. We analyze the basic conditions for MTD to be successful. Finally, as a case study, we apply MTD for the secondary voltage control of power grids and present simulation results based on the IEEE 39-bus test system under realistic settings.
Article
This paper presents a pinning-based switching control approach for the charging and cell balancing of supercapacitors. The developed supercapacitor energy storage system is modeled as a cyber-physical system (CPS), which consists of a physical layer, a cyber layer, and a control layer. In the physical layer, the switched resistor circuit is employed to charge and balance supercapacitor cells, and the physical system is mathematically characterized using the switched systems' theory. The cyber layer is modeled with the graph theory to characterize the accessibility of the reference voltage and the availability of neighbors' information to cells. In the control layer, a pinning-based switching control law is proposed to balance cell voltages during the charging process. The stability of the CPS is rigorously proved and the closed-loop model of the CPS is derived using the block diagram. A laboratory testbed has been built to verify the effectiveness of the proposed method. Extensive experiment results show that the proposed pinning control method can reduce the voltage deviation and improve the energy efficiency when compared with the classical decentralized control method. Some practical issues about the implementation of the proposed method are also discussed.