New methodology to prevent false data injection attacks in PV plants
A group of researchers from the University of Sevilla in Spain has created a new framework for the detection and identification of false data injection attacks (FDIAs) in PV plants.
FDIAs are usually carried out by cybercriminals, malicious insiders, state-sponsored attackers, or skilled hackers who compromise communication networks, sensors, or control systems. In a utility-scale PV plant, FDIAs can manipulate measurements such as power output, voltage, or irradiance data, causing incorrect control decisions, reduced energy production, equipment stress, grid instability, and potential safety risks.
“While FDIAs have been widely investigated for transmission and distribution networks, their application to utility-scale PV plants has received very limited attention,” corresponding author Catalina Gómez Quiles told pv magazine. “Our work addresses this gap by proposing a framework tailored to the architecture and operation of modern PV plants.”
“The framework is not limited to identifying random measurement errors,” she went on to say. “It is designed to detect advanced attackers capable of manipulating multiple measurements while maintaining physical consistency with the electrical network, making the attacks much harder to identify using conventional techniques.”
The novel approach utilizes a two-stage identification tool combining the EC-WLSE and EC-SHGME estimators . The EC-WLSE first estimates system states while applying residual analysis and the so-called large normalized residual (LNR) test to identify suspicious measurements. Measurements exceeding a predefined threshold are removed and the estimation is repeated. The EC-SHGME then improves detection by iteratively adjusting measurement weights to identify subtle attacks that may bypass the first stage. Measurements with continuously decreasing weights are classified as potential FDIs.
The scientists tested the FDI identification tool using a benchmark utility-scale PV park model and different cyberattack scenarios. The test system consists of two MV feeders, each containing three 3.8-MVA PV inverters connected to a 132-kV grid through MV/LV and HV/MV transformers. Two types of FDI attacks are considered: dummy attacks based on random measurement manipulation and sophisticated attacks using PV plant model knowledge. Dummy attacks modify voltage, current, and power measurements within realistic limits to simulate stealthy disturbances. Sophisticated attacks generate physically consistent false data to mislead the power plant controller (PPC) while avoiding detection.
The simulation results demonstrated that EC-WLSE has limited detection capability, mainly identifying only large active power deviations while failing to detect voltage and reactive power attacks due to low sensitivity in PV plant conditions. For multiple attacks, acceptable detection performance was achieved only when a significant portion of measurements was compromised.
The analysis also showed that, compared with EC-WLSE, EC-SHGME demonstrated strong robustness against simultaneous active and reactive power attacks, achieving detection rates above 95% in most scenarios. However, accurately identifying all compromised measurements remained more challenging, especially for multiple low-magnitude attacks. Moreover, sophisticated attack scenarios showed that detection improved as the number of manipulated measurements increased, while precise attack localization became more difficult.
“The proposed methodology achieves high detection accuracy, including F1-scores above 85% under challenging operating conditions and close to 100% in many practical scenarios, while remaining computationally lightweight enough to be considered for real-time applications,” Gómez Quiles explained. “Beyond detecting attacks, the framework is able to reconstruct reliable system states even when measurements have been compromised. This allows the PPC to continue operating using trustworthy information, increasing the resilience of the plant against cyber incidents.”
The proposed framework was presented in “A cyber-resilient framework for detection and identification of false data injection attacks in PV plants,” published in Electric Power System Research. The research was conducted under the umbrella of the EU-funded COoperative Cyber prOtectiON (COCOON) project for modern power grids.
“We believe the main contribution of this work is demonstrating that robust state estimation techniques, when carefully adapted to the specific characteristics of photovoltaic plants, can provide an effective and practical cybersecurity layer for future renewable energy infrastructures without requiring additional sensing equipment or major changes to existing plant architectures,” Gómez Quiles concluded.
Please login to comment