Microgrids create a new paradigm shift of distributed energy resources to meet the

requirements that cannot be fulfilled by the main grid. Microgrid refers to – "A group of
interconnected loads and distributed energy resources within clearly defined electrical
boundaries that act as a single controllable entity concerning the grid. A microgrid can
connect and disconnect from the grid to operate in grid-connected or island mode [1]." The
low-cost, efficient way of dealing with energy resilience by overcoming power outages
makes microgrids a stand-stone choice for different use cases. This benefit is ensured by
activating islanded mode, which refers to discontinuation from the main grid while
necessary and using renewable energy sources as needed. The microgrid market has been
experiencing remarkable growth recently due to the growing demand for resilient and
decentralized energy systems. Key drivers include the rising demand for grid resilience
amidst calamities and extreme weather. Due to factors like size and complexity,
microgrids have development costs in the range of $2 million to $5 million per MW,
according to a study done in 2018 by the National Renewable Energy Laboratory. The
market projects that by 2025, the global microgrid market will reach about $47.4 billion,
driven by increased advancements in integrating renewable energy sources and storage
technologies [2].

In terms of running a microgrid, the central control system plays the most important role.
The microgrid central controller (MGCC) manages energy balance, regulates voltage and
frequency, and ensures stability by coordinating distributed energy resources (DERs) and
protecting against faults. It enables seamless transition between grid-connected and
islanded modes, prioritizing critical loads and optimizing renewable integration. Energy
balance, voltage, frequency regulations, and stability, by means of coordination of DERs
and fault protection, are performed by the microgrid central controller. It allows seamless
transitions between grid-connected and islanded modes, prioritizing critical loads while
optimizing renewable integrations.

However, over the years, microgrids have become one of the most crucial infrastructures
targeted by attackers. Central control systems, relying heavily on communication
networks, are then very vulnerable to cyberattacks such as DoS, FDI, and replay attacks.
These attacks disrupt systems by blocking resources, compromising the integrity of data,
or replaying data in a fraudulent manner.
Moreover, because microgrids are dependent on distributed communication networks,
they have a lot of vectors for possible attacks: for example, DoS attacks-whereby an
attacker may flood the network, thus blocking critical data flow and breaking down grid
stability. FDI attacks allow attackers to inject false data into the network, which can lead
the controller of a microgrid to make decisions that are unsafe.

Due to the increase in demand for electricity in the last few decades, different nations
adopted more and more power grids such as smart grids and microgrids; however, like
almost all available fields, this energy field also targets different attacker groups and even
state-backed organizations among all the cyberattacks [3]. False data injection (FDI) is one
of the most common cyberattacks targeting smart and microgrids [4]. Distributed denial of
service (DDoS), Man-in-the-middle (MITM), and jamming are the most frequent
cyberattacks [5][6]. Research shows that the implementation of robust authorization and
changing data over the communication link must be encrypted using symmetric or
asymmetric methods [7]. Another study shows the way of detecting cyberattacks based on
ups and downs of voltage and current [8]. A similar kind of approach shows this sort of
attack can be mitigated using resilient optimization and autonomous action system [9]. A
three-stage method to detect and prevent cyberattacks targeting the energy sector was
proposed in another study [10]. Among them, the first one is to find the attack or initial
surveillance and, later on, take action based on this for the next two phases. The research
uses Double Deep Q-Networks to achieve that. According to the Council on Foreign
Relations, the US electricity grid is one of the most critical targets due to its importance to
the economy [11]. The study also indicates that, due to geopolitical tensions in various
parts of the world, the power sector is likely to be significantly affected, especially in the
U.S. A report from the United States Environmental Protection Agency (EPA) states that the
U.S. power grid consists of at least 7,300 power plants, nearly 160,000 miles of high-
voltage power lines, and almost a million miles of low-voltage power lines, connecting a
total of 145 million users nationwide [12]. This report further highlights the potential for
extensive damage if cyberattacks targeting the power grid are not prevented. The following
Table: 1 illustrates the top five cyberattacks on power systems [13].
False Data Injection, FDI can be classified into two distinct categories – I) Injecting false
energy data and II) Injecting false link-state data [15]. Again, these two can be classified
into two subclassifications. Injecting false energy data can be classified into two
categories: requesting a deceiving attack where the attacker compromises demand nodes
by injecting false quantity; on the contrary, in a supply deceiving attack, the attacker
compromises supply nodes by injecting false data. In terms of false link state data, there
are two subcategories; one is misrepresenting authentic or valid energy links as invalid,
and another is considering invalid links as valid. The following [Figure: 1] diagram shows
the classification of False Data Injection.

Over the years, many studies have been conducted to find the best possible solutions to
cyberattacks in microgrids. However, no standalone standards or solutions are perfect for
all possible real-life scenarios. In addition, due to the high trends of false data injection or
FDI attacks, researchers are focusing more on mitigating this threat. Some of the key
studies are discussed below. A model was proposed for the detection mechanism,
mitigation, and resilience improvement that holds great potential. For detection, the study
proposed an advanced monitoring system to identify

FDI attacks using the data patterns; for mitigation, the research shows AES-based
encryption. However, the main drawback discussed in the paper is maintaining the true
data points to find the perfect model performance [16]. Another interesting way of
mitigating microgrid cyberattacks from FDI attacks. In the proposed model, two
interconnected cyber layers were proposed to identify and demonstrate the attack in the
cyber layer and then mitigate it. The study shows four cases to understand the security
breach and tackle the cyberattacks. However, implementing absolute virtual layers in all
the DERs is not that cost-efficient [17]. A study found a graph-theory-based approach to
mitigate FDI cyberattacks in microgrids. The proposed model utilizes the directed graph
structure to ensure data exchange, where multiple communication paths and leader
nodes provide resilience against data corruption. It also uses cooperative control
strategies to use error terms for corrective deviations caused by potential FDI attacks [18].
Another survey study shows a comprehensive analysis of different available solutions
considering microgrids and the future of this field. The researcher focuses on controlling
false data even before it affects the central system of the microgrid [19]. A research
proposed a resilient control approach that effectively mitigates the impact of FDI attacks
on microgrids by dynamically adjusting the control inputs based on observed attack
estimations. DETM ensures that the system remains stable and that the output voltage
remains within the desired range. However, due to the complexity of the algorithm and the
requirement to balance the number of iterations k for accuracy and computational
efficiency, poor performance may occur if not carefully tuned. Too few iterations may lead
to insufficient attack compensation, while too many can result in high computational
overhead [20].

Despite significant advancements in securing microgrids, particularly concerning False

Data Injection (FDI) attacks, current solutions exhibit notable limitations [21]. There is still
a dire need for an effective, scalable, and robust solution that ensures the cybersecurity of
DER communication with control systems in islanded microgrids [22][23]. The core
research gaps are stated below.

a) There are not enough lightweight cryptographic mechanisms needed by Distributed

Energy Resources (DERs) to ensure confidentiality, integrity, and authentication (CIA)
without significant computational overhead in microgrids [24].

b) Even after considering existing solutions, most cryptographic protocols are not
optimized for low latency in real-time microgrid monitoring and control applications [25].
c) A comprehensive and secure key management system for maintaining a cryptographic
system is essential. However, there needs to be more in this area, especially in the energy
sector [26].

d) Most importantly, existing conventional cryptographic techniques are highly vulnerable

to various cyberattacks, including side-channel, man-in-the-middle, and denial-of-service
attacks [27].

The work in this paper bridges the existing knowledge gaps by proposing an ECDSA-based
framework to enhance cybersecurity against FDI attacks. The main contribution of the
research is to mitigate the False data Injection attack using a secure cryptographic digital
algorithm. Moreover, all the contributions of the paper are stated below.

a) This paper proposes a new security model utilizing ECDSA to protect communication
between Distributed Energy Resource (DER) nodes and the central control system in
islanded microgrids.

b) The proposed model leverages the benefits of elliptic curve cryptography, extending
traditional RSA-based systems by offering significantly higher computational efficiency
and smaller key sizes.

c) MATLAB simulations performed for model validation demonstrate that this model
effectively detects and mitigates False Data Injection (FDI) attacks in real time.

d) The work also proposes a hybrid key distribution mechanism based on a cloud service
integrated with a hardware security module, further enhancing the security architecture of
the proposed model.

As outlined in section 1, Introduction, this paper addresses the needs concerning

cybersecurity in microgrids, focusing on the issue of vulnerabilities to FDI attacks. Then the
section also underlines the current methods and their shortcomings, given the considered
type of threat. In the next section, called System Models and Methodology Description,
section 2, the authors describe the relevance of ECC and ECDSA to DERs communications
security