Cybersecurity of Microgrid: State-of-the-Art Review and Possible Directions of Future Research

The infrastructure of and processes involved in a microgrid electrical system require advanced technology to facilitate connection among its various components in order to provide the intelligence and automation that can benefit users. As a consequence, the microgrid has vulnerabilities that can expose it to a wide range of attacks. If they are not adequately addressed, these vulnerabilities may have a destructive impact on a country’s critical infrastructure and economy. While the impact of exploiting vulnerabilities in them is understood, research on the cybersecurity of microgrids is inadequate. This paper provides a comprehensive review of microgrid cybersecurity. In particular, it (1) reviews the state-of-the-art microgrid electrical systems, communication protocols, standards, and vulnerabilities while highlighting prevalent solutions to cybersecurity-related issues in them; (2) provides recommendations to enhance the security of these systems by segregating layers of the microgrid, and (3) identifies the gap in research in the area, and suggests directions for future work to enhance the cybersecurity of microgrids.


Introduction
Various definitions of the microgrid and designs of its functional classification have been provided in the literature. In general, a microgrid is defined as a small-scale electrical distribution system that links numerous customers to numerous sources of generation and storage, and uses power electronic devices as a medium [1]. The concept of the microgrid dates back to 1882 in proposals by Thomas Edison, whose company built the first 50 direct current (DC) power plants [2].
A microgrid comprises elements such as energy storage, loads, and generation systems [3]. The generation system in a microgrid receives its sources from renewable energy and conventional energy sources (hybrid system). Other elements such as storage play an essential role in supplying electrical energy to the end users because the microgrid's reliability is improved through storage. Storage is also employed to overcome the problem of excess power generated from wind turbines and photovoltaic (PV) systems.
Microgrids can be divided into two operational systems: isolated and grid connected. An isolated microgrid can produce energy supply in a reliable condition in a small area, and can be used as a valuable testbed for suitable control function development. The use of grid-connected microgrids, on the other hand, is more widespread in supporting distribution networks that incorporate renewable energy sources (RES) and distributed generation (DG) units [4].

The Microgrid Architecture
To understand the threats posed to and vulnerabilities of microgrid electrical systems, this section provides a quick overview of the elements and components of a microgrid. A considerable number of studies have affirmed that the operation and data processing, transmission, and storage of microgrids must be secure to achieve reliable control [10,11]. The fundamental elements and components of a microgrid are discussed below.
The reference architecture of microgrid used in this research is given in [12]. To discuss the cybersecurity aspects of microgrid, the components of microgrid are categorized into four enclaves based on their functions: (i) distributed generation (DG) sources, (ii) energy storage, (iii) the distribution system and (iv) control and communication modules, as depicted in Figure 1. The description of every enclave is given below:
(A) Enclave 1: DG sources
DG source refers to technologies that generate power such as:
• Generator. One of the sources of energy to a microgrid is the synchronous generator. Most of them are powered by natural gas or a diesel engine designed for stand-alone or backup applications. A generator has two control algorithms, namely, (1) an exciter, which handles the voltage of the generator, and (2) the reactive power generator that is commonly used to minimise power loss and improve the voltage profile of power systems.
• Natural gas turbine. The natural gas turbine is categorised based on the drive type, into single shaft and two shaft. The single-shaft light is generally used in microgrid systems as a distributed resource. To enhance the response speed, the governor control system uses an electronic control system. The gain and time are constantly monitored to achieve a reasonable response.
• Renewable energy source. Renewable energy plays an essential role in maintaining the sustainability and survival of the microgrid. The prevalent sources of renewable energy are wind and photovoltaic. They are connected to the microgrid system through current-mode inverters, and can be operated at the maximum power point.
(B) Enclave 2: Energy storage
The reliability of the operations, power generation, and load stabilisation of the microgrid is ensured through a sophisticated storage management system, an indispensable element of the microgrid. Disturbances in power supply may occur in the grid due to variations in the load in terms of a mismatch between load generation and load time. Mechanical wear and failure of the battery are some other causes of a terminal voltage fault. Energy storage in microgrid architecture refers to devices that perform the following functions [12]:
(a) Balances the power in the microgrid despite load fluctuations and other transients.
(b) Provides ride-through capability and allows DGs to operate as dispatchable units during dynamic variations in intermittent energy sources.
(c) Provides the initial energy during the transition between grid-connected and islanded microgrid operation.
Maintaining the stability of the microgrid is a challenging task because the system has various types of distributed generation, and demands for reactive and active power based on the needs of customers. Thus, the energy storage management system of the microgrid plays a vital role in stabilising its frequency and voltage for both the short and the long term [13]. The energy storage is connected to the grid through a micro-source, and absorbs power via the electronic converter. Subsequently, the energy storage exports power to the network in the island mode, enhancing the system's quality and stability [14]. The energy storage can be distributed via two applications: utilisation-scale and small-scale applications. Other than maintaining the management and control function of the storage device, the distributed energy storage system can help maintain maximal system safety, efficiency, and life. It also performs communication with the Supervisory Control and Data Acquisition (SCADA) system in larger management applications.
(C) Enclave 3: the distribution system
The distribution system refers to transmission and distribution technologies, specifically line frequency AC, high frequency AC and DC technologies, whose main role is to transmit and distribute electricity in microgrid systems.
(D) Enclave 4: control and communication system
The control and communication system in microgrid architecture refers to technologies that handle the output data from the microgrid and deliver them for further analysis by different applications, and to microgrid controls and management. Two communication media, i.e., wired and wireless, support the communication technologies for power control and protection. Microgrid controls and management includes:
• The MGCC facilitates communication between the Distribution Management System (DMS) and the microgrid to detect and control blackout procedures. The MGCC was also introduced to improve the voltage profile and handle tripping problems.
• Supervisory Control And Data Acquisition (SCADA) In a microgrid application, SCADA as a computer-based application plays an important role in acquiring data, and monitoring and controlling operations, including the adjustment of signal alarms. It also enhances the safety, reliability, and economic benefits of the microgrid, and reduces the burden on the dispatchers. Moreover, it employs the automation and modernisation of electrical power dispatch to improve the efficacy and level of information of the system [15].

Communication Protocols and Standards of Microgrid
To better understand microgrid communication protocols, research on the design of its communication network has focused on the interaction between several components of the microgrid for control and monitoring purposes. A review shows that numerous types of communication networks are used in microgrid systems, as depicted in Table 1. As standard communication protocols, the IEC 61850, Distributed Network Protocol 3.0 (DNP 3.0), Modbus, Profibus, Wi-Fi, and the TCP/IP are extensively used in microgrid operations [16][17][18][19]. We present a brief description of the commonly used communication protocols in microgrid electrical systems in the following subsections.
(A) IEC 61850
IEC 61850 is the most widely used standard of communication owing to its speed, excellent reliability, and security. The IEC 61850 standard is an international standard developed for substation automation. It is composed of three levels, namely, the process, bay, and substation. The IEC 61850 is built with different data attributes and functionalities to ensure interoperability, introducing some latencies in communication. This protocol is suitable to be applied in a microgrid, particularly in distribution automation [20].
(B) Modbus
As reported in [21], Modbus is widely used in microgrids due to its simplicity. It can be transmitted over the different physical networks of RS 485, RS 232, and the Ethernet TCP/IP. However, the Modbus protocol is inefficient for large-scale data transmission from/to the network. It has high latency, making it unsuitable for a communication system, especially one involving emergency control. Microgrid architectures such as PrInCE Lab use hard-wired networks if long delays occur in communication [16].
(C) Distributed Network Protocol 3.0 (DNP3)
DNP3 is a power communication protocol originally developed by General Electric that was made public in 1993. Use in SCADA applications was the initial purpose for the design of DNP3. It is used mainly in the oil and gas, security, water infrastructure, and electrical industries in Asia, North America, South America, Australia, and South Africa [22]. The initial design of DNP3 comprises four layers: the transport, application, data link, and physical layers. Serial communication protocols such as the RS-232, RS-422, and RS-485 became the basis for designing the original physical layer. The DNP3 has been moved over to the TCP/IP layer to support current communication technologies. Therefore, it can be considered a three-layer network protocol that operates on the TCP/IP layer [22] in supporting end-to-end communication. Contrary to Modbus, the slave of DNP3 can produce feedback with unsolicited responses to the master. Single DNP3 messages can demonstrate time-stamped tasks and information on data quality and various data types [17]. DNP3 is to be replaced by IEC 61850 in substation communication. The general belief is that in future power systems, IEC 61850 has the potential for usage outside substation communication, although its use is presently limited within a power substation [30].
Due to the absence of any security mechanism in the initial design of DNP3 and IEC 61850, messages sent through them over the microgrid network can easily be intercepted or falsified, resulting in either incorrect operation of power devices or information leakage. Two effective solutions were used as the basis for the design of the security functionality of DNP3 by [31]: (1) the introduction of security mechanisms to the DNP3 stack through the modification of the original protocol, and (2) the insertion of a security layer between the DNP3 protocol stack and the TCP/IP layer. The first solution offers suitable security solely for DNP3. Nonetheless, the protocol stack needs to be repeatedly modified while the communication systems in the power devices require upgrading. As such, the compatibility of legacy devices with smart grid devices can be more desirably achieved through the insertion of a security layer between the DNP3 and TCP/IP. This security layer aims to specifically assist the DNP3 protocol in attaining the primary security requirements for confidentiality and integrity. This is achieved through the interception of the DNP3 packets distributed to the TCP/IP layer by the security layer. The data are then encrypted, and the encrypted packets are then sent to the TCP/IP layer. All of this is performed at the transmitter; at the receiver, the data packets are passed to the application layer (DNP3 layers) once the security layer has decrypted them. The confidentiality and integrity of DNP3 packets can be ensured through symmetric or asymmetric algorithms. In [32], for instance, MAC-based authentication was designed and implemented to function as an extension to the security of DNP3-based communication for distribution automation systems.
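The security layer between the DNP3 stack and TCP/IP described above, sketched as an added example (not code from the paper or from [31] or [32]). It narrows the layer to its integrity half, a MAC plus replay protection on each record; the class name, record layout, key-derivation labels and sample frame are assumptions of this example, and confidentiality would be added with an authenticated cipher, which Python's standard library does not provide.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16                    # HMAC-SHA256 tag truncated to 128 bits
HEADER = struct.Struct(">IH")   # sequence number (u32), frame length (u16)

# Constructed sample: bytes that only resemble a DNP3 link-layer frame
# (0x05 0x64 start bytes); the remaining fields are placeholders.
SAMPLE_FRAME = bytes.fromhex("056405c001000a000000")


class SecurityLayerError(Exception):
    """A record failed a check and must not be passed up to the DNP3 stack."""


def derive_key(psk: bytes, label: bytes) -> bytes:
    # One MAC key per direction, so a record cannot be reflected to its sender.
    return hmac.new(psk, b"dnp3-shim/" + label, hashlib.sha256).digest()


class DNP3SecurityLayer:
    """Hypothetical shim: wraps frames leaving the DNP3 stack, checks arrivals."""

    def __init__(self, psk: bytes, role: str):
        if role not in ("master", "outstation"):
            raise ValueError("role must be 'master' or 'outstation'")
        if len(psk) < 32:
            raise ValueError("pre-shared key must be at least 32 bytes")
        peer = "outstation" if role == "master" else "master"
        self._tx_key = derive_key(psk, role.encode())
        self._rx_key = derive_key(psk, peer.encode())
        self._tx_seq = 0
        self._rx_seq = -1       # highest sequence number accepted so far

    @staticmethod
    def _tag(key: bytes, header: bytes, frame: bytes) -> bytes:
        return hmac.new(key, header + frame, hashlib.sha256).digest()[:TAG_LEN]

    def wrap(self, frame: bytes) -> bytes:
        """Transmitter side: frame from the DNP3 stack -> record for TCP."""
        if len(frame) > 0xFFFF or self._tx_seq > 0xFFFFFFFF:
            raise SecurityLayerError("frame too long or sequence exhausted")
        header = HEADER.pack(self._tx_seq, len(frame))
        self._tx_seq += 1
        return header + frame + self._tag(self._tx_key, header, frame)

    def unwrap(self, record: bytes) -> bytes:
        """Receiver side: record from TCP -> frame for the DNP3 stack."""
        if len(record) < HEADER.size + TAG_LEN:
            raise SecurityLayerError("truncated record")
        header = record[:HEADER.size]
        frame = record[HEADER.size:-TAG_LEN]
        tag = record[-TAG_LEN:]
        seq, length = HEADER.unpack(header)
        if length != len(frame):
            raise SecurityLayerError("length mismatch")
        # Verify the MAC first, so the sequence number is trusted before use.
        if not hmac.compare_digest(tag, self._tag(self._rx_key, header, frame)):
            raise SecurityLayerError("MAC check failed")
        # TCP preserves order, so a strictly increasing counter is enough.
        if seq <= self._rx_seq:
            raise SecurityLayerError("replayed record")
        self._rx_seq = seq
        return frame


def demo() -> dict:
    """Run the delivery, replay, tamper and reflection cases; return outcomes."""
    psk = hashlib.sha256(b"constructed demo key, not a real secret").digest()
    master = DNP3SecurityLayer(psk, "master")
    outstation = DNP3SecurityLayer(psk, "outstation")
    record = master.wrap(SAMPLE_FRAME)
    results = {"delivered": outstation.unwrap(record) == SAMPLE_FRAME}
    tampered = bytearray(master.wrap(SAMPLE_FRAME))
    tampered[HEADER.size + 3] ^= 0x01        # flip one bit inside the frame
    cases = (("replay", record, outstation),
             ("tamper", bytes(tampered), outstation),
             ("reflection", master.wrap(SAMPLE_FRAME), master))
    for name, rec, receiver in cases:
        try:
            receiver.unwrap(rec)
            results[name] = "accepted"
        except SecurityLayerError as exc:
            results[name] = str(exc)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```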

Cyberattacks on Microgrid
In general, the attack on and control over a system involves four steps: reconnaissance, scanning, exploitation, and maintaining access [33]. During reconnaissance, the attacker gathers information on the target. Scanning is the second step, where the attacker attempts to identify vulnerabilities in the system. These activities are intended to identify open ports and services that run on each port as well as their weaknesses. The exploitation involves the attacker attempting to compromise and gain complete control of the target. Before proceeding to the final step, maintaining access, the attacker needs to obtain administrative access to the target. Access is maintained by installing a hidden program in the system that enables the attacker(s) to return to it in the future.

1. Reconnaissance
Reconnaissance for attacks is carried out in the form of social engineering and traffic analysis. Social engineering (SE) relies on social skills and human interaction rather than technical skills. In this stage, the attacker uses communication and persuasion to win the trust of a legitimate user. This is done to obtain the user's credentials and confidential information, such as passwords or PIN numbers, to log on to a particular system. Some examples of popular techniques used in SE are phishing and password pilfering [33]. In a traffic analysis-based attack, the traffic is listened to and analysed to determine the device and hosts connected to the network, together with their IP addresses. In traffic analysis and social engineering, the compromise primarily involves confidential information.

2. Scanning
Scanning is performed to identify live hosts and devices of the network. According to [33], there are four types of scans: those on ports, IPs, vulnerabilities, and services. Typically, an IP scan is conducted first to identify the hosts connected to the network together with their IP addresses. This is followed by the scanning of ports to identify an open port. Each host on the network is scanned. The attacker then performs a service scan to identify the system or service that operates behind each open port. For instance, if port 102 is detected as open on a system, the hacker can infer that this system is used for substation automation control or messaging. By contrast, the phasor measurement unit (PMU) is the target system if port 4713 is open. Identifying vulnerabilities and weaknesses related to each service on the target machine for further exploitation is the aim of the vulnerability scan, which is the final step of scanning. The DNP3 and Modbus are two industrial protocols that are susceptible to scanning attacks. The Modbus/TCP is susceptible to an attack known as Modbus network scanning because it is designed for communication rather than security. In this attack, a benign message is sent to all devices connected to the network to collect information on them. An open Modbus/TCP is detected and slave IDs of the device together with their IP addresses are identified by Modscan, which is a SCADA Modbus network scanner [34]. Modscan scans the DNP3 protocol and determines the hosts: in particular, the slaves, their DNP3 addresses, and their corresponding master. It is thus clear that the target of these attacks is primarily confidential information on the smart grid.

3. Exploitation
Exploitation features harmful activities to exploit the smart grid's vulnerable components and gain control of it. Popping the human-machine interface (HMI), Trojan horse, integrity violation, man-in-the-middle (MITM) attack, jamming the channel, privacy violation, worm, virus, replay attack, and DOS attack are examples of harmful activities. The infection attack on a particular system or device in a smart grid is performed using a program called a virus. By contrast, a worm is a self-replicating program, and spreads by copying itself to infect other devices and systems by using the network. Another example involves a program that appears to carry out a legitimate task on the target system, yet operates a malicious code in the background; this is known as a Trojan horse. The attacker uses this form of malware to upload a worm or a virus to the target system [35]. The first cyberattack against a physical industrial control system was launched using Stuxnet.

4. Maintaining access
Special forms of attack, including the backdoor, virus, and Trojan horse, are used in this final step to maintain permanent access to the target. The backdoor, which is an undetectable stealthy program, is installed on the target by the attacker for easier and faster use in the future. The successful embedding of a backdoor into the server of the SCADA control centre allows the attacker to launch several attacks against the power system that damage it.
The security parameters of an IT network are classified based on their order of importance: confidentiality, integrity, accountability, and availability. However, the order of precedence of the security parameters of a smart grid is as follows: availability, integrity, accountability, and confidentiality [36]. Thus, we can say that attacks that compromise the availability of smart grid systems are the most severe, while those targeting its confidentiality are the least severe. In addition to severity, the likelihood of each attack being carried out is important. Although attacks based on Duqu and Stuxnet, for example, are highly destructive due to their ability to bypass all security boundaries and vandalise the industrial control system, they are complex and sophisticated. Hence, even though the severity of these viruses is high, they have a low likelihood of being launched. The HMI popping attack is an example of a highly severe attack. However, its execution does not demand outstanding experience in security and industrial control systems, or a high level of networking skill. The public availability of vulnerability documentation on devices enables a hacker, or so-called script kiddies, to launch an attack using open-source tools such as Metasploit and Meterpreter. Thus, this attack is considered to be highly severe as well as highly likely [35].
Table 2 summarises common cyberattacks on microgrid based on the four steps identified above: reconnaissance, scanning, exploitation, and maintaining access. Each step includes the attack categories, examples, the component compromised in the smart grid due to each attack, the impact of each attack, and the appropriate countermeasures. It can be concluded that the use of secure network protocols, such as secure-DNP3, as well as the enabling of authentication and encryption mechanisms can help prevent most attacks.
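Detection logic for the scanning step described above, as an added example that is not part of the original paper: it flags a source that touches many distinct device/port pairs on industrial protocol ports within a short window, while ignoring the master-to-slave polling pairs an operator has recorded as a baseline. The flow records, addresses, thresholds and function names are constructed for illustration; ports 102 and 4713 come from the text, while 502 and 20000 are the IANA-registered Modbus/TCP and DNP3 ports.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

ICS_PORTS = {
    102: "substation automation (named in the text)",
    4713: "PMU (named in the text)",
    502: "Modbus/TCP (IANA-registered, not from the text)",
    20000: "DNP3 (IANA-registered, not from the text)",
}


@dataclass(frozen=True)
class Flow:
    ts: float      # seconds since start of capture
    src: str
    dst: str
    dport: int


def detect_ics_sweeps(flows, baseline, window=60.0, min_targets=5):
    """Return {src: details} for sources sweeping ICS ports.

    baseline is a set of (src, dst, dport) triples that are expected, such as
    a SCADA master polling its own slaves; those flows are never counted.
    """
    recent = defaultdict(deque)          # src -> flows inside the window
    alerts = {}
    for flow in sorted(flows, key=lambda f: f.ts):
        if flow.dport not in ICS_PORTS:
            continue
        if (flow.src, flow.dst, flow.dport) in baseline:
            continue
        queue = recent[flow.src]
        queue.append(flow)
        # Drop flows that fell out of the sliding window.
        while flow.ts - queue[0].ts > window:
            queue.popleft()
        targets = {(f.dst, f.dport) for f in queue}
        if len(targets) < min_targets:
            continue
        previous = alerts.get(flow.src)
        if previous is None or len(targets) > previous["targets"]:
            alerts[flow.src] = {
                "targets": len(targets),
                "ports": sorted({f.dport for f in queue}),
                "start": queue[0].ts,
                "end": flow.ts,
            }
    return alerts


def sample_flows():
    """Constructed sample: one polling master, one sweeping host, one quiet host."""
    flows, baseline = [], set()
    for i in range(1, 7):
        # Master 10.0.0.10 polls six Modbus slaves three times (expected).
        baseline.add(("10.0.0.10", f"10.0.1.{i}", 502))
        flows += [Flow(t + i * 0.1, "10.0.0.10", f"10.0.1.{i}", 502)
                  for t in (0.0, 10.0, 20.0)]
    # 10.0.0.77 touches eight devices on 502 and two on 102 within ten seconds.
    flows += [Flow(100.0 + i, "10.0.0.77", f"10.0.1.{i}", 502) for i in range(1, 9)]
    flows += [Flow(108.0 + i, "10.0.0.77", f"10.0.1.{i}", 102) for i in range(1, 3)]
    # 10.0.0.42 makes two unrelated connections, far apart in time.
    flows += [Flow(50.0, "10.0.0.42", "10.0.1.3", 502),
              Flow(400.0, "10.0.0.42", "10.0.1.4", 20000)]
    return flows, baseline


if __name__ == "__main__":
    for src, info in detect_ics_sweeps(*sample_flows()).items():
        print(src, info)
```

Without the baseline the polling master itself crosses the threshold, which is why the expected master/slave pairs have to be recorded before a rule like this is useful.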

The Cybersecurity Aspects of Microgrid
Power systems featuring microgrids have been exposed to several cyberattacks with severe consequences, according to numerous industries and governmental bodies. These incidents can be examined to develop methods to respond to cyberattacks on the microgrid, such as methods to detect cyber-intrusion and mitigating its impact. This can be achieved through the identification and elimination of vulnerabilities in microgrid systems. In this section, we discuss the vulnerabilities and threats to microgrid.

Traditional Security Tools in Microgrid Systems
The microgrid is connected to the Internet through the control centre, which is the main component of these systems. It connects and links all distribution substations. DNP3, Modbus, and other Internet-enabled communication protocols carry out control commands and transfer status data from the various microgrid devices to the control centre. These Internet-enabled connections are vulnerable to several cyber-threats that disrupt power supply to the microgrid. Therefore, early solutions involved the use of traditional security tools, such as firewalls and intrusion detection systems, to secure these protocols.
To filter incoming network traffic, firewalls are installed in the router and the gateway to prevent unauthorised users from accessing the private network. Firewalls can inspect and discard suspicious packets by using such properties as their port numbers, IP address locations, and time delays. However, firewalls depend on a set of predefined rules that can conflict with one another in many cases, because commercial-grade firewalls contain hundreds of configurable rules. Developing these rules can also be complicated owing to the scarcity of information, because the grid depends on a proprietary software platform. Moreover, perfect knowledge of cyber-assets is needed to develop accurate rules for firewalls [41].
Numerous identification-based approaches have been developed to address the issue of anomalies in firewall policies [41][42][43]. A high-level security policy has also been proposed by the American National Standards Institute (ANSI)/International Society for Automation (ISA) for best practices in mitigating threats in the control system. Another drawback of firewalls is that spoofed messages can bypass protections that contain filtering rules. In addition, vulnerabilities in software allow attackers to perform cyberattacks. Firewalls may also be unusable in WANs owing to the high latency of communication among devices.
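A pairwise check for the rule conflicts and policy anomalies discussed above, as an added example that is not taken from the paper or from [41][42][43]. The rule model (first match wins; source and destination CIDR; inclusive port range), the four anomaly labels and the sample policy are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    action: str      # "allow" or "deny"
    src: str         # CIDR
    dst: str         # CIDR
    ports: tuple     # inclusive (low, high) destination port range


def _net(cidr):
    return ipaddress.ip_network(cidr)


def covers(a, b):
    """True if every packet matched by rule b is also matched by rule a."""
    return (_net(b.src).subnet_of(_net(a.src))
            and _net(b.dst).subnet_of(_net(a.dst))
            and a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1])


def overlaps(a, b):
    """True if at least one packet is matched by both rules."""
    return (_net(a.src).overlaps(_net(b.src))
            and _net(a.dst).overlaps(_net(b.dst))
            and a.ports[0] <= b.ports[1] and b.ports[0] <= a.ports[1])


def find_anomalies(policy):
    """Compare each rule with the rules above it in a first-match policy.

    shadowed:       an earlier rule matches everything the later rule does,
                    with the opposite action, so the later rule never fires.
    redundant:      same, but the action is identical.
    generalization: the later rule is a superset of an earlier exception
                    (often intentional, still worth a review).
    correlated:     partial overlap with opposite actions; the order decides.
    Only pairs are compared; a rule hidden by the union of several earlier
    rules is not reported.
    """
    findings = []
    for index, later in enumerate(policy):
        for earlier in policy[:index]:
            differ = earlier.action != later.action
            if covers(earlier, later):
                kind = "shadowed" if differ else "redundant"
                findings.append((kind, later.name, earlier.name))
                break                    # the later rule can never match
            if differ and covers(later, earlier):
                findings.append(("generalization", later.name, earlier.name))
            elif differ and overlaps(earlier, later):
                findings.append(("correlated", later.name, earlier.name))
    return findings


# Constructed sample policy: control centre 10.0.0.0/24, field devices 10.0.1.0/24.
SAMPLE_POLICY = [
    Rule("R1", "allow", "10.0.0.10/32", "10.0.1.0/24", (502, 502)),
    Rule("R2", "deny", "10.0.0.0/24", "10.0.1.0/24", (1, 1023)),
    Rule("R3", "allow", "10.0.0.20/32", "10.0.1.5/32", (102, 102)),
    Rule("R4", "allow", "10.0.0.10/32", "10.0.1.7/32", (502, 502)),
    Rule("R5", "allow", "10.0.0.0/24", "10.0.1.0/24", (20000, 20000)),
    Rule("R6", "allow", "10.0.0.30/32", "10.0.0.0/16", (443, 443)),
]

if __name__ == "__main__":
    for kind, rule, other in find_anomalies(SAMPLE_POLICY):
        print(f"{rule} is {kind} with respect to {other}")
```

In the sample, R3 was meant to open port 102 for one engineering station but sits below the broader deny in R2, which is the kind of silent conflict the paragraph warns about.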
The cryptographic protection mechanism has become a critical issue in cybersecurity for building and developing data confidentiality and integrity. The power industry developed various communication protocols and devices before implementing cybersecurity to protect data security. SCADA, the substation automation system (SAS), the phasor measurement unit (PMU), and DER, which use such protocols as Modbus and the DNP3 in a smart grid, have been applied, but cannot protect against cyberattacks [41]. Access to the network by many users in the WAN may increase security risks, especially when such protocols as DNP3 are used. The authors of [42] proposed solutions for the MODBUS authentication framework. A secure frame format has also been proposed to overcome the drawbacks of DNP3 [43].

Vulnerabilities and Threats in Microgrid
A vulnerability is defined as a weakness in the system, and a threat can be defined as the potential to cause harm to the system. Attackers exploit vulnerabilities in the system to attack it. This section presents a list of potential threats and threat agents to the microgrid in electrical systems.

Common Vulnerabilities in Microgrid
Although a combination of the cyber-system and the critical physical infrastructure can be beneficial, it creates several vulnerabilities that can lead to threats. Such vulnerabilities can expose a microgrid to physical system damage if they are not adequately addressed.
Cyber-physical vulnerabilities in a microgrid are inherited from the distributed power system. These vulnerabilities are developed by the following:
• Wireless communication. Such communication uses radio frequency, which makes it challenging to prevent physical access to users, especially in case of public access to the network. Although it has several advantages, it faces the risk of attacks, including interception and intrusion, that can be larger than in a wired network.
All these vulnerabilities are considered weaknesses that can be exploited by one or more threats.

Threats against Microgrid
A threat model commonly used against the microgrid is the one developed by the European Union Agency for Network and Information Security (ENISA) [44]. This model features cybersecurity threats to ICT and non-IT assets, which are physical assets of the main operations of the system. Based on this model, the potential threats to microgrids can be categorised into the following:
• Physical attacks occurring from intentional offensive actions. These are targeted to perform distractions at the maximum level by gaining unauthorised access to assets of the microgrid and destroying them.
• Eavesdropping. This category of threats is realised by adjusting communication between parties without installing tools on the victim's side.
• Nefarious Atrocious Activities. This category is performed through cyberattacks or deliberate harmful activities which aim at the system's digital assets. Here, the attackers would use additional tools/software to attack the victim's software or IT infrastructure.

Potential Threat Agents against Microgrid
Several threat agents against microgrids have been identified:
• Hostile threat agents. Companies or organisations may be correlated to offensive tactics. These companies usually have a high capability of intelligence in technology or human beings.
• Cyber-criminals. This category is a hostile threat by nature, and targets financial gain at a high level of skill. This criminal act can be coordinated at a national, local, or international level.
• Threat agents from the inside, including employees and third party. The employees of a microgrid include the operational staff as well as contractors. Other, third parties, also help at the power facilities. All of these agents can access the private system of the microgrid and expose it to attacks on sensitive assets.
• Hacktivists. This type of threat is created by individuals who protest against political or social agendas, and promote their cause by hacking intelligence agencies, corporations, websites, and military institutions.
• Capabilities of offensive cyber in nation-states. This attack is considered a cyberweapon. Nation states have high skill and expertise in malware, and use them to attack adversaries.
• Terrorists. Their activities have been expanded to include cyberattacks targeting critical infrastructure, including public health agencies, energy production facilities, and telecommunication infrastructures. This type of threat may have a severe impact on the government and society.
• Cyber-fighters. This is an emerging threat agent. It is composed of a group of patriotically motivated citizens who have the potential to initiate cyberattacks. There may be a conflict between their activities and those of other groups (e.g., hacktivists).
• Insider Threat. A cyberattack occurs when intruders use false system information to deceive the operators. Such operations cause the power system to become unstable. This situation obtains because insiders have knowledge of the power grid, especially its vulnerabilities. The detection and prevention of attacks initiated by insiders is challenging.

Security Issues in Microgrid
Understanding the various threats and weaknesses that exist in the microgrid system helps us to present the potential security issues in microgrid using a layered approach, as summarized in Table 3. In this section, we derive the attributes for every enclave and identify potential security issues in microgrid, following the guidelines by [45].
As resiliency is an important characteristic of a microgrid, introducing security solutions might have unwanted consequences that disturb the microgrid's resiliency. When considering security solutions for microgrid as a cyber physical system, a tool that gives a quantitative measure is needed so that the microgrid's resiliency can be quantified as per its definition.
CyPhyR [46] is a tool that measures a microgrid's resiliency based on cyber security exercises. The tool has two stages: (1) planning phase and (2) operational phase. The planning phase involves a study of the impacts of various components in the microgrid on the microgrid's resiliency, and the operational phase quantifies the microgrid's resiliency based on the defined Cyber Impact Severity metric. Generally, the Common Vulnerability Scoring System (CVSS) [47] is used to measure technical vulnerabilities and provide the impact based on only qualitative measures such as high, medium, and low. It can be used to get a high-level picture of microgrid systems security. There are also tools to measure the properties of network resiliency in general, such as [48][49][50][51].
improper configuration for remote access and/or maintenance and update, software/firmware vulnerabilities, patching or update missing, no or unsupported malware detection, improper software configuration and access control.
• Communication: no resilient capability to switch between grid connection to stand alone mode.

Efforts and Initiatives for Smart Grid and Microgrid Security
The research in [52] proposed a baseline requirement and guidelines for data delivery in the implementation of a power grid system to ensure its reliability. The North American Electric Reliability Corporation, for example, has proposed the Critical Infrastructure Protection (CIP) standards, CIP-002 through CIP-009 [53], to provide a cybersecurity framework for the identification and protection of critical cyber-assets and support the reliable operation of the bulk electric system. Another example, the Achieve Energy Delivery System Cyber-Security, has been published by the Energy Sector Control Systems Working Group (ESCSWG) in a study conducted to improve cybersecurity in energy delivery systems [54]. In addition, the National Institute of Standards and Technology (NIST) has published cybersecurity guidelines for smart grid systems [45], in which important threat scenarios are mentioned for the cybersecurity of the microgrid.
In microgrid communication, the connection between internal and external networks, such as the enterprise network and the Internet, is widely exposed to cyber-threats. A cyberattack occurs through intrusion into power enclaves of the microgrid through the exploitation of vulnerabilities in the network, system, and/or application level by attackers to compromise critical operations. Researchers have chosen to follow standards such as NIST 800-53 [55] and IEC 62443 [56] for specific microgrid architectures.
As they have an internal system design that does not focus on security, a majority of the systems depend on perimeter protection. Such a system is developed as part of a closed network. A drawback of the power network is that it is designed without the security of the IEC 61850. A security mechanism is thus needed for these protocols. However, this environment tends to have vulnerabilities that cyberattacks can exploit.
The IEC 62351 has been developed to enhance the IEC 61850 in terms of security [57]. However, this enhanced protocol does not include the cybersecurity of the microgrid communication network. Another secure framework that does not offer cybersecurity measures for microgrid-specific threats is the OLE for the Process Control Unified Architecture (OPC UA) [58]. This framework is a standard-based communication backbone that has advantages in case of a larger scale of cybersecurity threats. Examples of such threats include the sensitive control of network exposure, the complexities in achieving cybersecurity certification, and component integration legacy.
Microgrid systems are connected to external networks, such as enterprise networks and the Internet, which significantly increases the cyber-threats to them. Cyberattackers can attack microgrid power enclaves and compromise critical operations by exploiting vulnerabilities at the network, system, and/or application level. Most systems rely on perimeter protection, with internal systems designed with less security because they are intended to be part of a closed network.
The Secure Network of Assured Power Enclaves (SNAPE) architecture [59], which is based on the network separation strategy, was created for a large US Army base containing multiple power enclaves with secure communication. A microgrid system deployed based on the SNAPE architecture can contribute to the goals of energy security of the US Department of Defense. Network segregation is achieved by hardware devices that provide strong cryptographic separation. The segregation enables the isolation of control networks so that they can use lightweight cryptography to satisfy the requirements of low latency. This novel approach minimises the burden of cybersecurity certification by reducing the scope of certification to a subset of the microgrid network. In the SNAPE architecture, the OLE for the Process Control Unified Architecture (OPC UA) is used to implement the communication backbone. The OPC UA is backward-compatible with distributed control system protocols such as IEC 61850. It also provides authentication and authorisation services in the application layer.
Deploying IPv6-based networks leads to several gaps in security. If IPv6 and IPv4 are run simultaneously, IPv6 should be tunnelled over IPv4 or run independently. In the tunnelling mode, configuration problems can create security holes in the system [52]. If the two protocols are run in parallel, firewalls must be configured to filter IPv6 traffic, which is not very common. A typical firewall does not filter IPv6 traffic, and an attacker can leverage this unsecured channel to enter the system. Administrators must also use new (and better) ways to deploy, configure, and monitor networks. Essential tasks include troubleshooting networks, configuring firewalls, enforcing secure configurations, monitoring security logs, analysing real-time behaviour, and performing network audits. Most intrusion detection/prevention systems are still not very effective at handling IPv6 traffic, which increases the potential for attacks.
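The dual-stack gap described above can be checked against a packet capture. The following is an added example, not code from the paper: it classifies raw IP packets so that IPv6 carried natively or inside IPv4 (IP protocol 41, or UDP on the Teredo port 3544) can be compared with what the firewall actually filters. All function names and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

PROTO_TCP, PROTO_UDP = 6, 17
PROTO_IPV6_IN_IPV4 = 41   # IANA protocol number for IPv6 encapsulated in IPv4
TEREDO_PORT = 3544        # IANA-assigned UDP port for Teredo

def classify(packet: bytes) -> str:
    """Classify one raw IP packet (bytes start at the IP header)."""
    if len(packet) < 20:
        return "malformed"
    version = packet[0] >> 4
    if version == 6:
        return "native-ipv6" if len(packet) >= 40 else "malformed"
    ihl = (packet[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        return "malformed"
    proto, payload = packet[9], packet[ihl:]
    if proto == PROTO_IPV6_IN_IPV4:
        # The encapsulated payload must itself start with an IPv6 header.
        ok = len(payload) >= 40 and payload[0] >> 4 == 6
        return "6in4-tunnel" if ok else "malformed"
    if proto == PROTO_UDP and len(payload) >= 8:
        if TEREDO_PORT in struct.unpack("!HH", payload[:4]):
            return "teredo-candidate"
    return "ipv4"

def ipv6_exposure(packets) -> dict:
    """Count packets carrying IPv6, natively or tunnelled, for firewall review."""
    counts = Counter(classify(p) for p in packets)
    return {k: n for k, n in counts.items() if k not in ("ipv4", "malformed")}

# Constructed sample packets (documentation addresses, zero checksums).
V4 = [ipaddress.IPv4Address(a).packed for a in ("192.0.2.10", "198.51.100.20")]
V6 = [ipaddress.IPv6Address(a).packed for a in ("2001:db8::1", "2001:db8::2")]
def build_v4(proto: int, payload: bytes) -> bytes:
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0)
    return hdr + V4[0] + V4[1] + payload
def build_v6(payload: bytes = b"") -> bytes:
    return struct.pack("!IHBB", 6 << 28, len(payload), 59, 64) + V6[0] + V6[1] + payload
def build_udp(sport: int, dport: int, data: bytes) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

SAMPLE = [
    build_v4(PROTO_TCP, bytes(20)),                               # ordinary IPv4/TCP
    build_v4(PROTO_IPV6_IN_IPV4, build_v6()),                     # IPv6 tunnelled in IPv4
    build_v4(PROTO_UDP, build_udp(50000, TEREDO_PORT, build_v6())),  # UDP on the Teredo port
    build_v6(),                                                   # native IPv6
]
```

A non-empty result from `ipv6_exposure` on a segment whose firewall policy covers only IPv4 marks traffic that the policy does not inspect as IPv6.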
CERTS MicroGrid is a novel approach for integrating distributed energy resources in a microgrid to seamlessly island it from and then reconnect it to the power grid [60]. All distributed energy resources appear to the control centre as a single entity for coordination and control. The traditional method involves integrating a small number of distributed energy sources and shutting down the microgrid when problems arise (according to the IEEE P1547 standard). However, unlike the SNAPE architecture, the CERTS model does not explicitly focus on the cybersecurity of microgrids. The Smart Power Infrastructure Demonstration for Energy Reliability and Security (SPIDERS) project was conducted by the US Department of Energy, Department of Defense, and Department of Homeland Security [61]. The goal was to provide secure control of on-base generation at military bases by building secure and robust microgrids that incorporate renewable energy sources.
Mueller [62] has discussed research undertaken under the NSF ERC FREEDM project. The project has investigated challenges posed by the cyber-physical nature of microgrids, and has highlighted novel opportunities for providing selective power delivery during power outages. Mueller recognises the need to secure microgrids from cyberattacks. However, the FREEDM Project does not propose any security solutions. SNAPE stands out because it recognises the need to secure microgrids and presents a comprehensive cybersecurity architecture that adheres to industry standards and satisfies the requirements of the microgrid.

Potential Future Work and Conclusions
ICT systems are the backbone of modern microgrids. Cybersecurity is essential for the stability and reliability of the microgrid. However, the integration of various technologies into the microgrid also leads to more cybersecurity concerns.
Given the landscape and technological progress of the microgrid, there are many potential R&D topics around microgrid security, which are summarized in Table 4. Part of the motivation for these R&D topics also originates from [45]. With the emerging focus on machine learning (ML) in many applications, its potential for microgrid security is worth exploring. This includes using ML for gathering threat intelligence, automated vulnerability assessment, and threat and risk prediction. Lightweight cryptographic algorithms and cryptographic protocols are other promising areas of research on microgrid security. They are part of the solution to vulnerabilities in the communication protocols of the microgrid. This paper has provided a comprehensive review of the components of a microgrid as well as related elements and cybersecurity aspects, and discussed the potential of research to address various vulnerabilities and potential threats in it. The understanding gleaned from the work here can help spur innovation in research on microgrid security.
Another technology that can be explored to address security issues in the microgrid is blockchain. It is especially useful for authentication-related issues, and the development of a blockchain platform for the microgrid could contribute significantly to commercialization.
To prevent unknown cyberattacks, potential vulnerabilities in cybersecurity can indicate research-related needs for enhancing the cybersecurity of a microgrid. Jamming attacks threaten wireless communication because the absence of mitigation approaches creates a weakness in the connectivity of components of the smart grid. GPS signals are vulnerable to spoofing attacks that may impact the time-based synchronisation requirements for PMU data. A standard to assess the performance of ADSs/IDSs is also not available. Although several detection systems have been proposed and tested for different sectors of a microgrid, they do not guarantee accurate detection in practice. Further research on coordinated cyberattacks is urgently needed. The response of operators should be considered in such work. In case of a cyberattack, an operator may be deceived by falsified data. Future work should also focus on investigating the performance of IEC 61850-based communication in microgrids in an energy storage system (ESS) for hardware systems by including a microgrid controller with a real-time digital simulator (RTDS). Further, the performance of systems developed for different communication technologies that can be used in small islands with a more diverse generation portfolio should be tested.
Finally, as initiatives on smart grids are on the rise, there is considerable room for research on microgrid security that should be explored. This paper has provided comprehensive coverage of microgrid components, their related elements, the cybersecurity aspects of the microgrid, and the potential of research domains addressing various vulnerabilities and potential threats in the microgrid. This understanding will help in spurring innovation for microgrid security.