Next Article in Journal
Harmonic Analysis and Elimination of Transmission Scheme Based on DRU for Medium-Frequency Offshore Wind Farms
Next Article in Special Issue
Trust Evaluation Framework for Adaptive Load Optimization in Motor Drive System
Previous Article in Journal
Data-Driven Modeling and Control of Wireless Power Transfer Systems
Previous Article in Special Issue
Comprehensive Power Regulation of a Novel Shared Energy Storage Considering Demand-Side Response for Multi-Scenario Bipolar DC Microgrid
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Electronics
Volume 14
Issue 18
10.3390/electronics14183663
electronics-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Review

Cybersecurity in MAS-Based Adaptive Protection for Microgrids—A Review

by
Armando J. Taveras Cruz
1,2,*,
Miguel Aybar-Mejía
1,2,
Carlos G. Colon-González
3,
Deyslen Mariano-Hernández
1,
Jesús C. Hernandez
4,
Fabio Andrade-Rengifo
5 and
Luis Hernández-Callejo
6,*
1
Engineering Area, Instituto Tecnológico de Santo Domingo, Santo Domingo 10602, Dominican Republic
2
Programa de Doctorado de la Universidad de Jaén, Energías Renovables, Departamento de Ingeniería Eléctrica Edificio A3, Escuela Politécnica Superior de Jaén, 23071 Jaén, Spain
3
Graduate School, Polytechnic University of Puerto Rico, San Juan 00918, Puerto Rico
4
Department of Electrical Engineering, University of Jaén, 23071 Jaén, Spain
5
Department of Electrical and Computer Engineering, University of Puerto Rico-Mayagüez, Mayagüez, PR 00680, USA
6
Departamento Ingeniería Agrícola y Forestal, Universidad de Valladolid, 42004 Soria, Spain
*
Authors to whom correspondence should be addressed.
Electronics 2025, 14(18), 3663; https://doi.org/10.3390/electronics14183663
Submission received: 6 August 2025 / Revised: 31 August 2025 / Accepted: 10 September 2025 / Published: 16 September 2025
(This article belongs to the Special Issue Innovations in Intelligent Microgrid Operation and Control)
Browse Figures
Versions Notes

Abstract

With the ever-growing reliance on digital communication networks in microgrids equipped with digital control systems and highly distributed energy resources, the threat of cyberattacks is more present than ever. Therefore, a robust cybersecurity response framework could be in place to secure smart grids, including microgrids, against cyberattacks. Adaptive protection systems, which are crucial for microgrid reliability and resilience, are also vulnerable. On the other hand, multi-agent systems are often employed in microgrid adaptive protection, providing a decentralized and cooperative framework where intelligent agents can monitor system conditions, exchange information, and detect anomalies. Many researchers in the literature have focused on addressing microgrid protection with multi-agent systems against physical faults in scenarios with various degrees of distributed energy resource penetration. Other research efforts have leveraged multi-agent systems, as well as technologies such as artificial intelligence, machine learning, advanced encryption, and authentication, to enhance the capabilities of microgrids for maintaining resilient operation under cyberattacks. However, both physical and cybersecurity anomalies have rarely been tackled in the same scheme. This paper aims to provide a systematic review of the use of cybersecurity strategies for multi-agent-based adaptive protection schemes. From the results of this study, it was found that most research efforts do not address microgrid protection with an integrated approach, considering both physical and cybersecurity threats, as well as the application of established industry communication and cybersecurity standards. All of this, while maintaining scalability and performance, is crucial.

1. Introduction

Microgrids (MGs) are localized groups of power sources and loads that can operate in connection with the primary power grid or independently in an ‘islanded’ mode. They integrate various distributed energy resources (DERs) such as solar panels, wind turbines, and battery storage systems [1,2]. A key feature of alternating current (AC) microgrids is their ability to operate autonomously, which enhances resilience against power outages and natural disasters. This autonomy in MGs is achieved through a hierarchical control structure that includes primary, secondary, and tertiary controls [3,4]. Microgrids enhance the operational flexibility and resilience of power systems by enabling the integration of renewable energy sources and allowing for self-sustained operation during grid failures [1,2]. Microgrids support the global shift towards sustainable and clean energy by integrating renewable energy sources, thereby reducing the carbon footprint associated with power generation [1]. They provide energy independence and increased robustness against long-lasting outages, which is particularly beneficial for critical facilities like military installations [1].
Despite their advantages, conventional protection techniques for microgrids cannot cope with the dynamic nature of microgrid operations and the increasing number of DERs and features of smart grids, exposing the limitations of these more static protection designs [5]. Various researchers have proposed adaptive protection relay strategies that dynamically adjust protection settings in response to changes in the microgrid’s operational conditions. This is crucial for maintaining reliability and stability, particularly given the variability introduced by distributed generation sources such as solar and wind [6,7]. An approach presented by various authors is adaptive protection based on multi-agent systems (MASs). In this method, either software or hardware agents continuously monitor the microgrid’s status and adjust relay settings accordingly. This ensures that protection schemes remain effective under varying operational conditions, such as changes in load or generation [6,8]. An MAS applies advanced communication protocols, such as IEC 61850 GOOSE [9], based on Ethernet and standard communication protocols used for high-speed and high-priority communication, to facilitate fast and reliable data exchange among agents [10,11,12]. This ensures coordinated protection actions and enhances the system’s responsiveness to faults and network changes, while reducing dependency on a central control unit and improving the system’s resilience and flexibility [8,13].
The cybersecurity landscape for microgrids has become increasingly complex. The 2025 ERO Reliability Risk Priorities Report by North American Electric Reliability Corporation (NERC) emphasizes that rapid infrastructure growth and digitization—including information technology (IT) and operational technology (OT) convergence, cloud-based technology reliance, artificial intelligence (AI) emergence, and dispersed management systems such as DER aggregators and Internet of Things (IoT) devices—significantly expand the cyberattack surface for MGs [14]. The report projects a 30% growth in electrical demand by 2050.
Inverter-based resources (IBRs) and DERs represent as much as 90% of new generation capacity added annually [14]. However, they rely heavily on information and communication technologies (ICTs), transforming these systems into complex cyber-physical energy systems (CPESs) that are inherently vulnerable to cyber threats [15]. Critical components, including smart meters, digital metering devices, advanced metering infrastructure (AMI), phasor measurement units (PMUs), and industrial electronic devices (IEDs), represent vulnerabilities when inadequately protected [15]. These distributed components constantly communicate with control centers through multiple channels, increasing the probability of cyberattacks.
Consequently, despite their operational advantages, microgrids and MAS-based adaptive protection schemes face significant cybersecurity challenges due to their communication dependencies. These threats can target both control and communication entities, making microgrids susceptible to attacks such as false data injection (FDI) and denial-of-service (DoS) [12,16]. The absence of centralized DER monitoring, combined with the widespread adoption of inverter-based DERs and software-intensive ICT infrastructure, further complicates the cybersecurity landscape [17]. Addressing these multifaceted challenges is crucial for maintaining the integrity of modern power systems [15,18]. The NERC reports that 69% of online threats evaluated by its Electricity Information Sharing and Analysis Center (E-ISAC) aim to sabotage the power grid. Therefore, given the increasing number of cyber threats, there is an urgent need to develop strategies for the resilient management of microgrids. This includes proactive and comprehensive responses to cyberattacks, ensuring reliable operation [15].
This paper aims to provide a systematic review of the challenges, current advances, and future trends in cybersecurity strategies for MG MAS-based adaptive protection schemes, as well as the technologies used to develop them. The main contributions are as follows:
(i)
A synthesis and critical evaluation of existing cybersecurity approaches for MAS-based adaptive protection in microgrids.
(ii)
An identification of the research gaps and a proposal for future research directions.
The remainder of this paper is organized as follows. Section 2 discusses the applied methodology. Section 3 provides an overview of AC microgrids and MAS-based adaptive protection. In Section 4, the cybersecurity threats to MAS-based adaptive protection in AC microgrids are described, followed by a more specific discussion on existing solutions and current research for securing MASs in adaptive protection in Section 5. Finally, Section 6 and Section 7 conclude this review by presenting the conclusions and outlining future research directions, respectively.

2. Methodology

A detailed search was conducted on four principal scholarly databases: Scopus, IEEE, Web of Science, and Google Scholar. MAS-based adaptive protection schemes and cybersecurity in the literature from the last five years were selected, while some foundational works were also included from earlier periods. A structured combination of keywords was employed, including “microgrid,” “smart grid,” “adaptive protection,” “multi-agent systems,” “cybersecurity,” and “cyber-attacks.” The data collected was subjected to a critical analysis, resulting in the conclusions presented at the end of this review. Initially, the authors analyzed the contributions of the relevant works, and subsequently, the most recent primary research papers on each subtopic were identified and subjected to the same analysis strategy. Figure 1 presents a conceptual diagram of the methodology followed.

3. Overview of AC Microgrids and MAS-Based Adaptive Protection

3.1. Structure and Components of AC Microgrids

AC microgrids are localized power systems that integrate various DERs, energy storage systems (ESSs), loads, and control units. They can operate in both grid-connected and islanded modes, providing flexibility and reliability in power supply.
Several key components comprise the fundamental structure of a microgrid. The first are distributed generation (DG) units. These can be from renewables such as solar panels, wind turbines, and other renewable energy sources connected to the AC grid via inverters [19,20], but can also come from non-renewable sources, such as diesel generators and other conventional power sources, which can also be part of the DG units, directly connected to the AC bus [19]. Another component can be energy storage systems (ESSs). These can include lithium-ion batteries, lead-acid batteries, sodium-based batteries, vanadium redox flow batteries, and hydrogen storage systems [21]. ESSs are typically connected to the local AC bus through direct current (DC)-to-AC converters with inductance capacitance (LC) filters to ensure stable voltage and power quality [22]. Loads are considered part of the component lineup within microgrids. These can be residential, commercial, or industrial loads that the microgrid serves. Loads can vary in their power requirements and operational characteristics [23,24]. Subsequently, we have control units, which manage the immediate power balance and voltage/frequency regulation within the microgrid. This includes inverter control for renewable sources and synchronization mechanisms for grid connections [19,25]. These units ensure long-term stability and optimal operation by dispatching energy sources according to predefined setpoints and participation factors [25].
A microgrid operates in two primary modes: grid-connected and islanded modes. In grid-connected mode, the microgrid operates in synchronization with the primary grid, allowing for power exchange and enhanced overall grid stability [19]. In islanded mode, the microgrid operates independently from the primary grid, relying on its internal DG units and ESS to maintain power supply [19,26]. A synchronization process is required to ensure smooth transitions between these modes to prevent large power flows and potential damage to loads [19].
AC MGs are complex systems that integrate various components and require sophisticated control strategies to ensure reliable and efficient operation. The combination of renewable and non-renewable energy sources, along with advanced energy storage and control systems, makes them a versatile solution for modern power needs. Figure 2 shows an MG system with the point of common coupling (PCC) with the grid, protection relays, circuit breakers (CBs), and DER, as well as the agents of an MAS.
Networked microgrids face a multitude of general challenges, primarily stemming from their dynamic nature and the integration of diverse distributed energy resources (DERs). A central issue is the dynamic and complex operating conditions introduced by the intermittent and fluctuating output of renewable energy sources, leading to difficulties in system stability and protection [5]. This is further complicated by sophisticated and dynamic microgrid topologies that frequently change, coupled with bidirectional power flow. This renders conventional unidirectional protection schemes inadequate and can cause issues like unwanted tripping or protection blinding [27]. Finally, the growing intelligence and connectivity of microgrid components directly expose them to an increasing landscape of cyber-physical security threats, making robust cybersecurity measures and data security paramount for seamless and secure operation [27,28].

3.2. MAS in MG Protection and Cybersecurity

Microgrids face unique challenges due to their ability to operate in both grid-connected and islanded modes. This dual-mode operation requires significant reconfiguration of electrical protections to maintain selectivity and reliability, as fault conditions can change drastically between modes [15]. Additionally, inverter-based distributed generators in microgrids often provide low short-circuit currents, making fault detection challenging [29]. Consequently, adaptive protection has the objective of dynamically adjusting protection settings in response to changing conditions within a microgrid, isolating faults quickly and efficiently, thereby minimizing the impact on the rest of the network. This approach ensures that protection schemes remain effective under varying operational scenarios, such as transitioning between grid-connected and islanded modes [15,30].
Adaptive protection plays a vital role in enhancing the cyber resilience of microgrids. By dynamically adjusting to operational changes and potential cyber threats, adaptive protection helps maintain reliable operation even in the face of unforeseen incidents [31]. Multi-agent systems (MASs) are an effective method for implementing adaptive protection schemes, particularly in a decentralized structure, offering advantages such as higher speed, reliability, and scalability compared to centralized approaches [32,33]. In multiple research papers, the focus of applying MAS has been to enhance the accuracy of fault detection and location [7,8,33,34,35,36]. They coordinate the operation of relays and circuit breakers to ensure effective fault isolation, which is crucial for adaptive protection schemes [37,38,39]. The MAS-based protection system utilizes intelligent electronic devices (IEDs) as agents. Agents in the MAS collect real-time data on current and voltage from the distribution system [34]. These agents possess capabilities such as communication, decision-making, and data processing, which are essential for adaptive protection in microgrids [39].
An MAS fundamentally relies on the communication infrastructure for its operation and effectiveness [5,13]. The communication infrastructure enables agents, regardless of their organization into layers or zones, to communicate and cooperate with their environment [10,40]. Communication protocols, such as IEC 61850 (which includes GOOSE technology), are frequently employed to facilitate high-speed and secure data transmission between intelligent electronic devices (IEDs) that act as agents [10,41]. Whether structured hierarchically or on a peer-to-peer basis, reliable and fast communication is deemed essential for effective MAS operation in real-time power system applications [42,43]. Therefore, dependable and fast communication is deemed a critical enabling factor for effective MAS operation in real-time power system applications [44,45]. A consolidated comparison of the reviewed approaches is presented in Table 1 below.
An MAS also plays a role in enhancing cybersecurity by monitoring cyberattacks and implementing countermeasures, thereby maintaining the integrity and reliability of the protection system [39,57,58]. Khatana et al. [59] developed a distributed malicious agent detection scheme to enable honest DERs to detect and isolate the communication links of maliciously behaving DERs in their neighborhood during distributed power allocation. This approach represents a novel method for intruder detection and isolation; however, its robustness needs to be validated under a broader range of attack scenarios. Karanfil et al. [60] introduced a security monitoring platform based on the IEC 62351-7:2017 standard [61] for network and system management (NSM). This represents the first implementation of a microgrid-specific security monitoring solution using the IEC NSM framework for real-time cyberattack detection—additionally, Roy et al. [62] designed a machine learning-based MAS framework incorporating a Master Agent (MA) for cyberattack detection and Slave Agents (SAs) for localized mitigation. Detection is conducted centrally via a one-class classifier (OCC) trained on secure data. At the same time, mitigation is managed in a decentralized fashion using Support Vector Regression (SVR) models informed by local measurements. The system targets previously unseen attacks in automatic generation control (AGC) and high-voltage direct current (HVDC) systems. Albarakati et al. [39] proposed an MAS-based adaptive protection mechanism for cyberattack detection and fault response in distribution networks. The framework enables fault location, line isolation, system reconfiguration, and differentiation between cyber-induced and natural faults, thus reducing relay malfunctions and improving reliability.
In addition to detection, an MAS can autonomously mitigate attacks by leveraging distributed response mechanisms. Al-dulaimi et al. [63] introduced a data-driven cooperative stochastic control system for islanded AC microgrids, featuring a lightweight prevention model to mitigate false data injection (FDI) and a communication-based controller. The proposed system enhances performance in frequency restoration and power sharing in sparse networks, while also reducing reliance on centralized control schemes that are vulnerable to compromise. A cybersecure distributed secondary control strategy for inverter-based islanded microgrids was introduced by Bidram et al. [16]. The approach utilizes the Weighted Mean Subsequence Reduced (WMSR) algorithm to eliminate corrupted information from compromised agents, leveraging time-varying communication graphs to enhance security without relying on static assumptions.
Both detection and mitigation can also be combined. Hu et al. [64] presented a decentralized consensus decision-making (DCDM) approach leveraging blockchain technologies for cybersecurity protection in multi-microgrid (MMG) systems. This design eliminates the need for a central authority, thereby addressing the single point of failure (SPoF) challenge inherent in centralized architectures. Zhou et al. [65] proposed a hierarchical MAS-based detection and mitigation (MHDM) scheme with three layers of rule-based anomaly detection. This structure enables the classification of operational states using cyber-physical and fault-specific data, enhancing the detection of diverse cyberattack vectors. Choi et al. [66] developed an MAS-based cyberattack detection and mitigation framework for distribution automation systems (DASs). The system employs message authentication for data integrity and validates control commands using power system domain knowledge, effectively distinguishing cyberattacks from physical faults by leveraging both cyber and physical characteristics.
An MAS can also support cybersecurity risk management by enabling trust-based decision frameworks. Boakye-Boateng et al. [67] proposed a trust management system where substation risk posture is computed based on trust scores from intelligent electronic devices (IEDs) and supervisory control and data acquisition (SCADA) human–machine interfaces (HMIs). This system enables the dynamic assessment of security states based on device behavior over time.
To strengthen the cyber-resilience of microgrid systems, MAS-based frameworks can be focused on adapting control schemes under adversarial conditions. Wang et al. [68] proposed a cooperative control strategy for bidirectional interlinking converters (BICs) in networked AC/DC microgrids. The method uses adaptive control to coordinate agents’ responses during false signal injection attacks. It is resilient to node compromises that may be undetectable by traditional intrusion detection systems. Abianeh et al. [69] developed a multi-agent deep reinforcement learning (RL) approach for cybersecurity in DC microgrids. This framework automatically identifies weaknesses in conventional detection methods and generates stealthy FDI attacks, enabling a more robust vulnerability analysis and offering a novel complementary detection mechanism for the secondary control layer.
In summary, MAS frameworks offer significant benefits for microgrid cybersecurity, including enhanced reliability, scalability, autonomy, flexibility, and resilience [16,65,70]. Table 2 provides a comparative overview of the reviewed MAS-based MG cybersecurity approaches.

4. Cybersecurity Threats in AC Microgrids

4.1. Cyber Threats in Power Systems

With increased dependence on communication in microgrid management, cyberattacks pose a more prevalent threat. Most studies provide simulations, models, or taxonomies rather than empirical breakdowns of the various types of cyberattacks. As a result, precise counts or percentage shares of malware, DDoS, and FDIA, among others, across real-world power systems and microgrids are not systematically reported in the reviewed literature. Nonetheless, in the literature, it has been found that power systems, such as microgrids, can be subjected to multiple identified attack strategies that exploit their vulnerabilities.
A significant vulnerability of cyber-physical systems like microgrids and smart grids stems from the heavy dependency on communication infrastructure for real-time monitoring, protection, and operational interoperability, which makes these systems prone to attacks that manipulate data or disrupt physical systems [28]. Key vulnerable components include intelligent electronic devices (IEDs) such as sensors, gateways, smart meters, and smart relays, which attackers can infiltrate with malware or access physically/remotely to send false commands, statuses, or inaccurate measurements [28,71]. The inherent interdependence of cyber and physical systems means that cyberattacks can trigger physical damage, such as component overloading, fires, and blackouts, and physical disruptions can, in turn, create new cyber vulnerabilities. These interconnected vulnerabilities pave the way for sophisticated coordinated cyber-physical attacks, such as coordinated FDI against communication links or Electrical Internet of Things (EIoT) botnet attacks, which can cause widespread frequency instability, cascading failures, and significant operational and economic impacts across the grid [72].
Building upon the classification framework of [73], this section adopts a taxonomy-driven structure to categorize these threats, aligning them with their attack vectors, targeted layers, and potential impacts on microgrid operations [73], providing a foundation for the following subsections. Figure 3 illustrates the taxonomy of cyberattacks on microgrids with MAS-based adaptive protection.

4.1.1. Data Integrity Attacks

In data integrity attacks, there is a malicious attempt to alter the data used for critical functions within the power system, such as false data injection (FDI) and data manipulation attacks. These attacks attempt to inject misleading data into the system, or modify it, which can corrupt the decision-making processes of control systems. FDI can lead to incorrect operational responses, potentially causing instability in power delivery and system failures [60,74].

4.1.2. Infrastructure and Communication Attacks

Infrastructure attacks try to exploit weaknesses in the hardware, software, and communication infrastructure connecting digital measuring devices and communication protocols, which can lead to unauthorized access and control over the power systems [15,75], including central control and monitoring systems, and often take the form of denial-of-service (DoS) attacks. In DoS attacks, the aim is to disrupt the availability of services by overwhelming the communication channels or control systems. This can prevent legitimate users from accessing critical services, leading to operational disruptions in power systems [60,75]. Another form is in which an attacker discreetly intercepts and manipulates communication between two legitimate parties or systems while remaining unnoticed, called a man-in-the-middle (MitM) attack [76]. These cyber threats can also target DERs, compromising their control systems and leading to cascading failures and power outages. These attacks exploit vulnerabilities in the communication networks that connect the DER to the microgrid [15,60].

4.1.3. Human-Focused Threats

Ransomware attacks can target critical infrastructure, such as pipelines and power grids, locking operators out of their systems until a ransom is paid. This type of attack, in which the human factor is involved, can halt operations and cause significant economic losses [16,75]. Additionally, employees or contractors with access to sensitive systems can intentionally or unintentionally cause harm. Insider threats can lead to data breaches or sabotage, making them a significant concern for power system security [75].

4.1.4. Coordinated and Multi-Stage Attacks

Coordinated attacks are simultaneous, sophisticated, and potentially stealthy cyberattacks implemented at multiple nodes in a networked MG system [77]. Coordinated attacks on all nodes present a significant challenge for traditional detection and isolation-based countermeasures [68]. These may come in the form of replicating device readings (replay attack) or constructing an FDI attack vector (optimized attack) to mask a physical attack on the power system, designed to neutralize the physical attack’s impact on measurement residuals and go undetected, or a series of coordinated and interconnected attack stages (multi-stage attack), often combining cyber and physical components [73].

4.1.5. Zero-Day and Advanced Persistent Threats (APTs)

Cyber-physical systems are often found to be vulnerable to unseen or unknown threats and exploited by what is called a zero-day attack. This is a type of cyberattack for which knowledge-based detection strategies are ineffective [58]. The primary reason for this ineffectiveness is that such strategies rely on an up-to-date database of each known attack vector. Since a zero-day attack is novel and previously unseen, an existing database would not contain information about its specific attack vector, rendering these traditional detection methods useless.
By means of advanced tactics, stealthy techniques, and persistent focus on specific targets, advanced persistent threats (APT) can infiltrate MASs over time, gathering intelligence and eventually disrupting the coordination and decision-making processes critical for adaptive protection in power systems [76].

4.2. Impact of Cyberattacks on MAS-Based Adaptive Protection in Microgrids

MAS-based schemes rely on communication networks to coordinate and execute protection strategies. Cyberattacks can target these networks to introduce delays or alter data, leading to incorrect fault detection and isolation, thereby compromising the adaptive protection mechanism [39]. Moreover, the interconnected nature of hybrid AC-DC microgrids means that an attack on one sub-grid could have repercussions on the entire system. For instance, an attack affecting the AC sub-grid’s frequency stability might harm the DC side’s battery voltage stability, leading to system-wide instability [1].
By manipulating data integrity, FDI attacks work by data injections that can manipulate the data exchanged between agents in MASs, leading to false fault detection or mis-operation of protection devices. This can disrupt the adaptive protection strategies designed to respond to real-time grid conditions [60]. Subsequently, this results in voltage and frequency instability, potentially causing cascading failures and power outages in AC microgrids [16,78]. Additionally, denial-of-service (DoS) attacks overwhelm the communication channels used by MASs. These DoS attacks can prevent timely data exchange and decision-making, hindering the system’s ability to adapt to changing conditions and effectively protect the grid [79].
Attacks targeting communication networks can delay or block data exchange between components, such as those used in multi-agent systems (MASs), which are crucial for adaptive protection [17]. This disruption can prevent timely decision-making and coordination, affecting the overall stability and reliability of the system. Individuals with access to these MAS components can intentionally disrupt operations by altering configurations or injecting malicious code, thereby affecting the system’s adaptive protection capabilities [79,80]. Additionally, MASs in power systems rely on software for developing algorithms for decision-making and coordination. Taking advantage of this fact, cyberattacks targeting software vulnerabilities can compromise agent functionality, leading to incorrect protection actions or failure to respond to faults [77,79].
Table 3 summarizes the impact of cyberattacks on the MAS-based protection of microgrids, categorizing these attacks across system layers and highlighting representative techniques and their objectives.

5. Existing Solutions

MGs’ increasing integration of digital control systems, communication networks, and DERs makes them highly susceptible to various cyber threats. Existing solutions, encompassing prevention, detection, isolation, and resilient control, are essential for the effective management and secure operation of microgrids. The most noteworthy strategies found in the literature are presented in the subsequent subsections.

5.1. Cybersecurity Standards in Power Systems

Embracing structured cybersecurity standards is at the forefront of a secured microgrid, providing a general framework for developing, deploying, and managing cybersecurity best practices fitted to the unique needs of microgrids [81,82]. On this note, several standards and frameworks are highlighted in the literature as being relevant to microgrid cybersecurity.
The NERC CIP standards provide a foundational and broad framework for the overall cybersecurity and resilience of the bulk power system against various forms of cyber threats and attacks by focusing on robust security practices and incident management [76]. The NERC CIP standards, while mandatory for bulk electric system entities, are often criticized for their compliance-heavy focus, extensive documentation requirements, and limited agility in adapting to emerging threats [12,83].
IEC 62351 is a primary security-related international standard that specifies measures for ensuring end-to-end security in power systems, enhancing IEC 61850 and IEC 60870 communication standards. It is applicable in defending against breaches in confidentiality, system availability, data integrity attacks, unauthorized access, and network vulnerabilities [84]. The IEC 62443 [85] framework focuses on risk assessment and mitigation, providing guidelines covering security levels and system requirements crucial for maintaining operational continuity in smart grids [81,86]. The primary challenge identified with IEC 62443 relates to justifying its adoption when other standards are already in place [83].
ISO/IEC 27000 [87] outlines the requirements for establishing, employing, and maintaining an information security management system (ISMS) [81,88]. This standard is particularly relevant for ensuring security during potential data integrity attacks. However, these standards are often IT-centric, requiring significant tailoring to accommodate the real-time, safety-critical constraints of OT environments [83,88].
The NIST standard provides technical guidance to develop effective wide cybersecurity strategies in the United States (U.S.), including for Smart Grid applications regarding information systems, SCADA and industrial automation systems, IoT devices, and cryptographic security with the NIST SP 800 Series [76]. Additionally, NISTIR 7628 provides high-level requirements for cybersecurity and definitions of the logical interfaces of DER systems. The main challenge with NIST is that its IT-centric security controls, such as automatic account disabling, often cannot be directly applied to Operational Technology (OT) devices due to their lack of inherent automatic functionality, necessitating manual processes or compensating controls.
The IEEE is a leading professional organization dedicated to advancing technology, and it develops numerous standards for power and energy systems. The IEEE 2030 [89] Series covers MG, smart grid (SG), and battery energy storage system (BESS) interoperability and cybersecurity [84,90]. IEEE 1686 [91] defines the cybersecurity capabilities of intelligent electronic devices (IEDs) used in electric power systems [84]. Cybersecurity in DER is managed by IEEE 1547.3 [92], while the security of electric power substations in smart grids is addressed by the IEEE 1402 and IEEE C37.240 standards [93,94]. The challenges associated with IEEE standards for microgrids include fragmented coverage, where existing regional codes may have apparent gaps in technical specifications for interconnection and interoperability with distributed generation, leading to reliance on multiple IEEE standards with varying relevance that can quickly become outdated by emerging control technologies [12]. Additionally, minor regional electrical parameter differences and distinct environmental conditions further complicate the effective implementation of these universal standards, requiring careful adaptation for local microgrid protection and operation [95].
Table 4 presents a summary with the primary focus of each standard, as well as its main limitations in the context of microgrids.
The implementation of these standards in power systems faces persistent challenges that span regulatory, technical, and operational domains. These challenges are amplified by the complex and evolving nature of standards, the unique requirements of operational technology, and the dynamic threat landscape confronting modern grids [14,83]. Table 5 consolidates the primary barriers identified in recent literature, highlighting issues such as the proliferation of overlapping standards, interoperability limitations, insufficient domain-specific guidance, and the difficulty of integrating legacy infrastructure. By summarizing these challenges, the table provides a structured foundation for understanding where current standards fall short and where future efforts should focus to ensure robust, effective cybersecurity for critical energy systems.

5.2. Encryption in MAS-Based Microgrids

Cryptography is one of the most popular and widely used security mechanisms, with a history dating back to the history of written language itself. The approach is to develop mathematical methods for encoding information into ciphers to protect it from unauthorized access, which could be potentially hostile. Therefore, encryption of sensitive data is one of the first and most effective steps toward countering threats such as MitM and FDI attacks, unauthorized access to malicious agents, agent log modification, and provenance attacks. In this last one, a mobile agent’s itinerary details are disclosed to an adversary [58].
In multi-agent-based microgrids, researchers have explored a range of cryptographic and trust-enhancing mechanisms to secure agent-to-agent communications and ensure privacy-preserving consensus and optimization. Current approaches commonly integrate cryptographic primitives (e.g., homomorphic encryption, secret sharing, symmetric/asymmetric encryption), programmable cryptographic controllers, and emerging technologies such as distributed ledgers and quantum key distribution (QKD). While these methods demonstrate effectiveness in laboratory testbeds and simulation environments, they exhibit significant variations in computational cost, latency, and deployment assumptions.
The researchers in [99] propose a cryptography-based programmable (crypto-control) method, such as the Dynamic Encrypted Weight Addition (DEWA) scheme, which combines partial homomorphic encryption with secret sharing to enable secure distributed control. This method has already been validated in RTDS simulator testbeds that integrate software-defined network (SDN) and IoT components. However, this approach would require further work to adapt DEWA to other communication-based controls. Similarly, fully homomorphic encryption has been used to solve distributed optimal power flow and energy management systems (EMS) problems, showing that privacy-preserving optimization is feasible, although the computational burden remains significant [100]. Additionally, partial homomorphic encryption paired with event-triggered communication has also proven promising, as it reduces unnecessary data exchanges while preserving the confidentiality of local agent information [101,102]. Other scholars have applied lightweight elliptic-curve-based homomorphic hybrids to improve efficiency further, for example, in AMI data falsification detection, offering a more practical alternative to computationally heavy Cheon–Kim–Kim–Song (CKKS) schemes [103]. Despite these advances, homomorphic encryption imposes significant latency and computational overheads on the low-power controllers typically used in distributed energy resources [6].
The studies summarized in Table 6 emphasize that advanced cryptographic primitives can impose prohibitive computational burdens on resource-constrained smart grid devices, underscoring the need for careful architectural design and optimization [104]. Therefore, the various approaches in existing studies demonstrate technical feasibility, but reveal gaps in scalability, standardization, and operational guidelines.
Mohamed et al. [105] use a private proof-of-work blockchain to safeguard control and measurement data against denial-of-service (DoS) attacks while employing H-infinity controllers to mitigate uncertainty. Awais et al. [106] propose a blockchain-secured peer-to-peer energy marketplace enhanced with shielded execution environments to prevent data tampering by third parties. Sharma and Sarojwal [107] extend this to adaptive smart contracts and identity-based microgrid schemes, utilizing hashing and blockchain to enhance point-to-point (P2P) trading against DDoS attacks. These approaches collectively highlight blockchain’s capacity to ensure integrity and secure transactions, though scalability, latency, and the absence of AI-driven detection remain open challenges.

5.3. Authentication

Authentication is the process of recognizing an agent’s identity in the MAS by associating an incoming request with a set of identifying credentials. Since a request may originate on a remote host and may traverse several machines and network channels that are secured in different ways (and are not equally trusted), it is non-trivial to authenticate the source of communication in a distributed system [58]. In the literature, multiple techniques have been identified. Table 7 below presents a summary.
Various researchers have expressed that traditional identity authentication based on PKI digital certificates has poor scalability and high management and maintenance costs, making it unsuitable for large-scale power end-side devices [111,117]. Furthermore, there are inherent security issues with certificate authorities that manage digital certificates, which can be a significant drawback in complex power systems in terms of managing the lifecycle of certificates, such as issuance, distribution, and revocation [110,117].
JWT-based authentication solutions are highly centralized, which poses challenges in meeting legal obligations on privacy. This centralization can be a significant limitation in decentralized environments like microgrids [110,111,118]. Other scientific articles identified that blockchain-based authentication mechanisms that use JWTs face issues such as not fully protecting prosumer privacy, susceptibility to multiple security attacks, and high computational and communication resource demands [119].
Lightweight authentication mechanisms, while reducing computational costs, may still face challenges in maintaining user anonymity and session key secrecy. For example, the SE-LAKAF framework did not initially preserve user anonymity and session key confidentiality, which are critical for secure communications [113]. Furthermore, lightweight group authentication methods need to balance efficiency with security, and there are limitations in overseeing the performance and security requirements of smart grid applications [120]. Subsequently, group re-key protocols must efficiently manage the complexity of key distribution and re-keying processes.
Permissioned blockchains with zero-know proof (ZKP) and blockchain-backed trust management schemes have been shown to provide accountability, auditability, and agent credibility assessments in MAS-based energy markets [116]. Additionally, quantum key distribution (QKD) authentication schemes have been prototyped for SCADA/machine-to-machine (M2M) communication channels in DER environments, demonstrating their feasibility for quantum-secured authentication [121]. However, these strategies impose high storage and computation requirements and are not well suited for real-time performance functionality [104,116]. Despite these advances, most of the schemes are insecure and susceptible to MitM and impersonation attacks or are not suitable for autonomous MGs [115].
Mezquita et al. [122] present a multi-agent architecture where producers and consumers trade through blockchain-backed smart contracts that ensure non-repudiation. Cheng and Chow [123] propose a Bayesian reputation metric that helps distributed agents evaluate one another’s trustworthiness during consensus, complementing cryptographic methods without requiring blockchain ledgering. Rath et al. [74] offer a blockchain-based peer-to-peer validation layer that authenticates nodes, paired with anomaly detection and recovery. These studies reveal how blockchain and probabilistic trust metrics can enhance MAS authentication, though comprehensive identity management at scale is still an unresolved bottleneck. Consequently, the proposed methods need to ensure that they do not introduce significant computational overhead or additional security vulnerabilities [117,120].

5.4. Distributed Detection, Mitigation, and Prevention

Multi-agent systems (MASs) are particularly effective in distributed environments due to their ability to operate autonomously and collaboratively. This is crucial for detecting and mitigating cyber threats in real time across large networks [124,125,126]. Consequently, agent-based architecture offers capabilities such as autonomy, reactivity, proactivity, and mobility, which are desirable for intrusion detection systems (IDSs) [125]. These features enable the system to adapt to new threats dynamically and efficiently. Accordingly, a hybrid approach that combines different detection methodologies, such as signature-based, anomaly-based, and stateful protocol analysis, has been found to enhance the detection capabilities of IDPSs in MAS environments [127,128]. This hybrid approach helps in identifying both known and unknown threats.
In this context, the integration of machine learning algorithms, such as convolutional and recurrent neural networks, improves accuracy and reduces the false favorable rates of IDPSs [129,130]. These algorithms can analyze large datasets and detect patterns indicative of cyber threats. Other researchers have established a decentralized multi-agent reinforcement learning (MARL) scheme that is used to enhance the detection process by allowing agents to learn from their environment and improve their detection strategies over time [131,132]. Such a case would be the work of Roy et al. [62], which can potentially provide a solution for unexpected threats such as zero-day attacks.
MAS-based IDPSs can process and analyze data in real time, ensuring timely detection and response to cyber threats. This is achieved through continuous monitoring and the use of advanced data processing techniques [126,133]. Some authors argue that the use of MASs enables scalable solutions that can effectively manage the vast amounts of data generated in large networks. This is particularly important in environments like cloud computing and big data networks [132,134]. Wang et al. [68] present the ability to maintain frequency/voltage regulation and real/reactive power sharing under both single and multiple node attacks, including coordinated node attacks on all control agents, which are difficult for detection and isolation methods to manage. Subsequently, MAS-based IDPSs can provide proactive responses to detected threats, such as automatic incident response and endpoint quarantine, thereby mitigating the impact of cyberattacks [128]. Bougueroua et al. [124] argue that the high messaging rates for collaboration are the primary performance bottleneck in multi-agent IDPS.
Zhang et al. [135] propose an event-triggered distributed detection and recovery method using stationarity and consistency features for attack identification, complemented by neural networks that reconstruct normal states and controls in DC microgrids. Instead of building a blockchain-enabled framework that validates transactions, Rath et al. [74] detect compromised nodes through physics-informed analysis and use predictive controllers for multi-hop recovery. Cheng and Chow [123] advance this line by incorporating a Bayesian reputation metric to enhance distributed trust and expose stealthy attacks in a real-time testbed—meanwhile, Zhang et al. [136] model false data injection within load-sharing protocols and analyze stability regions under attack. Together, these works demonstrate the promise of AI and MAS-based distributed detection, though they often lack integration with blockchain consensus or broader end-to-end resilience frameworks.

5.5. Resilience Strategies

The decentralized coordination feature of MAS-based adaptive protection, combined with cybersecurity best practices, is crucial for enhancing resilience in microgrids. For instance, in the event of a fault, agents negotiate to determine the optimal protection strategy, considering factors such as fault currents and communication latencies [137]. This decentralized approach ensures that the system remains functional even if some components fail due to cyberattacks or other sources, thereby improving resilience [36,52]. However, these approaches require real-time verification and are computation intensive.
Another approach to building resilience is the integration of protection strategies for both pre- and post-contingency conditions [63]. As mentioned by the authors, during pre-contingency, relays autonomously adapt their settings to maintain coordination with other relays. In post-contingency scenarios, the microgrid central controller (MGCC) plays a crucial role in adapting protection settings to manage subsequent faults. This unified approach would ensure that the system is prepared for potential cascading failures, thereby enhancing overall resilience.
Moreover, to address the challenges of communication failures, researchers have proposed minimal communication protection schemes [138]. These schemes utilize voltage and current measurements to detect faults and isolate only the faulted feeder, thereby reducing reliance on extensive communication networks. This approach not only improves resilience but also minimizes power outages by limiting the impact of faults caused by communication issues.
Another development is the integration of AI and machine learning (ML) with MAS to enhance fault detection, classification, and coordination [52]. Subsequently, deep learning algorithms can be trained to detect faults with high accuracy and determine the optimal protection strategy, as presented by [48]. Additionally, recurrent neural networks (RNNs) have been used to estimate state variables and detect faults in real time [139]. Federated reinforcement learning (Fed-RL) has been proposed to improve the resilience of networked microgrids. This approach allows multiple agents to learn optimal control policies while preserving data privacy. The learned policies are then transferred to hardware-in-the-loop testbeds, bridging the gap between simulation and real-world implementation [140]. This method is particularly effective in handling model complexities and unknown dynamic behaviors of inverter-based resources. Therefore, the combination of AI and MAS enables the system to adapt to various operational modes and improve resilience.
The literature shows that energy storage devices, such as supercapacitors and lithium-ion batteries, have been integrated into MAS-based protection systems to enhance resilience. These devices can provide the necessary fault current during islanded mode or communication failures, ensuring that circuit breakers can trip correctly [141,142]. This approach would not incur additional costs, as energy storage devices are already part of the microgrid infrastructure.
Hierarchical protection strategies leveraging MASs have been developed to address dynamic operational variations in microgrids. These strategies integrate a dual-tier system, where higher tiers make operational decisions and lower tiers oversee event analysis and relay configuration updates [143]. This hierarchical approach ensures swift and autonomous protection coordination, even during prolonged adjustments of the main relay. State-observer-based protection schemes have been proposed to enhance fault detection and classification. These schemes use particle filters to estimate the measured current and voltage signals, enabling the detection of both high- and low-impedance faults with high accuracy [139]. The use of state observers ensures that the system can operate effectively in both grid-connected and islanded modes.
A three-stage emergency approach has been developed to improve the resilience of hybrid networked microgrids. This approach involves offline analysis to determine the resilient operation zone, real-time monitoring of the operating point, and the implementation of corrective countermeasures during contingencies [144]. This method ensures that the microgrid operates within a secure zone, preventing unnecessary tripping of the DER.
MAS-based fault localization and restoration methods have been proposed to improve resilience. These methods use phase angle comparison of current signals to detect faults and isolate them without requiring voltage transformers or relays [145]. Additionally, power restoration processes are implemented to restore the microgrid to its normal state after the fault is cleared.
Ahmad et al. [146] propose a blockchain-integrated distributed energy resources management system (DERMS) that substitutes for central control during outages, thus ensuring DER coordination. Mohamed et al. [105] couple blockchain replication with H-infinity control to maintain frequency stability under DoS, while Babahajiani and Zhang [147] introduce push-sum synchronization and quantum-inspired methods to strengthen distributed control against communication failures and cyber threats. Zhang et al. [135] also contribute here by pairing distributed anomaly detection with neural network recovery to restore microgrid operations. Collectively, these works highlight creative pathways toward resilient MAS-based microgrids, but often lack a unified integration of blockchain, AI, and MAS within a single pipeline.
Figure 4 provides a summary of the various resiliency and redundancy strategies found in recent relevant literature. Here, each of the nine blocks represents a strategy, along with the features listed under each one. The blocks, as depicted in the literature, are identified as follows: MAS coordination [36,137], Pre- and post-contingency [36], Minimum communication [138], Integration of AI and ML [52], BESS [141,142], Hierarchical protection [143], State observer-based schemes [139], Three-stage emergency approach [144], and Localization and restoration with MAS [145].

5.6. Scalability and Performance

Scaling cybersecurity measures in microgrids within the MAS presents several challenges, particularly in maintaining system performance. The integration of DER and advanced communication technologies increases system complexity and uncertainties, making microgrid management more challenging [148,149]. Moreover, the need for real-time responsiveness to cyberattacks further complicates the technical landscape, requiring innovative frameworks to manage disturbances without complete recalculation of power flow equations [150].
Ensuring optimal control performance while addressing cybersecurity threats is a challenging task. For instance, the informatics artificial neural network (I-ANN) designed for DERs in weak microgrids in [151] aims to enhance robustness and damping while mitigating rapid fluctuations in voltage and frequency. However, replacing conventional proportional integral (PI) controllers with I-ANN introduces new complexities in system optimization.
Maintaining real-time adaptability and computational efficiency is crucial for effective operation. The proposed frameworks must optimize operational points, including resource generation and network reconfiguration, while considering technical, economic, and reliability parameters [150]. This requires balancing the need for immediate updates with the computational load. Khatana et al. [59] propose an attack detection solution with a low computational and communication footprint for attack detection. This would be very much in line with the highly distributed resources of MGs.
Multi-agent systems must coordinate effectively to manage controller components within individual microgrids and neighboring grids. This coordination is essential for maintaining system performance during cyberattacks [152,153]. Abianeh et al. [69] propose a distributed, multi-agent malicious DER detection and isolation scheme that offers modular integration and is less impacted by communication delays compared to centralized methods. Nonetheless, it does require extensive data and high-performance computation.
Ensuring scalability and resilience in large-scale systems is a significant challenge. Innovative methods, like the considerable change sensitivity (LCS) method and hierarchical distributed control systems, are proposed to enhance real-time adaptability and resilience [150,153]. Al-dulaimi et al. [63] provide an approach that reduces the need for constant control updates and adapts to limited bandwidth. However, due to the need for communication and coordination among numerous agents, it has become increasingly complex.
Babahajiani and Zhang [147] explore scalable synchronization protocols, such as push-sum consensus, which remain robust in unbalanced networks, while Mezquita et al. [122] demonstrate how MAS negotiation and blockchain settlement can reduce transaction costs while increasing throughput and posing challenges in identity management. Mohamed [154] broaden the view with a review of AI and blockchain in renewables, highlighting the computational and environmental costs associated with scaling these technologies. These contributions underscore that while MAS, blockchain, and AI offer compelling security and control benefits, performance constraints and integration trade-offs remain central to future research.
Table 8 summarizes the main challenges of scaling cybersecurity measures in multi-agent microgrids, along with corresponding approaches proposed in the literature. The table highlights the trade-offs between system complexity, control performance, real-time adaptability, coordination, and scalability.

6. Discussion

A review of the tables and figures shows that research on MAS-based adaptive protection for microgrids has clearly matured in terms of technical sophistication, yet the attention given to cybersecurity is far less consistent. In fact, the treatment of security often feels partial or secondary. A few patterns stand out quite firmly: adaptive protection itself has advanced more quickly than its secure implementation, most studies lean heavily toward detection rather than full resilience, and many of the same structural issues—scalability, interoperability, and real-time performance—continue to surface.
One prominent example is provided in Table 1, where most schemes aim to improve the speed of fault detection, isolation, and selectivity. That is significant progress, but what is evident is how rarely these same studies consider encryption, authentication, or standards compliance. The result is a curious mismatch: technically advanced controllers that, in practice, remain vulnerable to even basic cyber threats.
A second pattern is evident in Table 2. Much of the cybersecurity research focuses on two well-known categories of attack: false data injection (FDI) and denial-of-service (DoS) attacks. While these are serious risks, the narrow focus is problematic. Real microgrids are likely to face more complex conditions, including coordinated or long-term intrusions. Some recent work attempts to address this by combining detection and mitigation within the same framework, which is a welcome move in the direction of resilience rather than relying solely on anomaly flagging.
The trade-offs involved are most evident in Figure 2 and Figure 4, as well as in the synthesis presented in Table 8. Pushing more intelligence to local nodes or reducing communication needs can indeed improve responsiveness; however, this often comes with a heavier computational burden and greater design complexity. On the other hand, hierarchical or distributed consensus methods can scale well and improve resilience, but they introduce additional latency and communication overhead. In short, each solution solves one problem while creating another, and this balancing act is at the heart of MAS-based cybersecurity. Metrics, therefore, need to go beyond detection accuracy and consider delays, communication footprint, and the system’s ability to remain stable under less-than-ideal conditions.
Finally, Table 4 highlights the underutilization of existing standards, including NERC CIP, IEC 62351, ISO/IEC 27000, and several IEEE guidelines. The reasons are not surprising: implementation is costly, many standards were designed for IT rather than OT environments, and DER controllers are often too resource-constrained to support the cryptographic load. Standards provide an essential starting point, but they cannot be taken as ready-made solutions for microgrids.
Taken together, these results suggest a field that is both creative and fast-paced, yet also fragmented. Researchers are exploring diverse approaches, yet there is little sign of convergence on shared practices, datasets, or benchmarks. The tables and figures provide a valuable overview of current progress, but they also highlight the significant work still needed before MAS-based cybersecurity for microgrids becomes a practical reality.

7. Potential Future Directions

Future research could focus on developing security mechanisms and architectures that adhere to established industry standards. This would make them more practical and trustworthy for real-world applications. Validating cybersecurity strategies, especially those using distributed control or multi-agent systems (MASs) in cyber-physical testbeds that realistically emulate power system communication networks and protocols (such as IEC 61850 GOOSE/MMS or DNP3), could provide valuable insights. Evaluating how these strategies impact performance and their effectiveness in realistic protocol environments is essential. Designing solutions in alignment with critical infrastructure standards, such as IEC 62443 or NERC CIP (where applicable), and evaluating their compliance and interoperability should also be a priority.
Another critical area is the integration of lightweight, real-time cryptographic techniques into microgrid communication and control systems. These methods must account for the computational limitations of devices while still providing robust protection against data manipulation and eavesdropping. Researchers should aim to move beyond isolated detection or mitigation tools and develop comprehensive security frameworks. These frameworks would ideally cover intrusion prevention, detection, identification, mitigation, and recovery and be validated in complex, multi-domain cyber-physical testbeds with realistic attack scenarios and diverse grid operations. At the same time, authentication and access control methods tailored to the unique operational technology (OT) environment of microgrids are needed to prevent unauthorized access and control actions.
There is also an opportunity to focus on secure-by-design MAS-based adaptive protection frameworks for microgrids. This involves embedding cryptographic protocols and trust management directly into the communication and decision-making processes of distributed agents. Achieving this requires developing novel MAS architectures and control/security algorithms that include lightweight encryption, strong authentication, and secure key management, all of which are designed for resource-constrained power system devices.
Research could investigate how machine learning (ML) and AI-based detection and mitigation systems can be effectively integrated with other cybersecurity functions, such as secure configuration, vulnerability scanning, and automated incident response. This integration is crucial for MAS-based adaptive protection in microgrids, where reliable and safe communication is critical.

8. Conclusions

A significant gap exists in developing and validating microgrid cybersecurity solutions that explicitly adhere to or implement relevant cybersecurity standards (e.g., NIST, IEC 62443, IEC 62351 beyond NSM). Furthermore, the absence of applied encryption, digital signatures, and secure key management is a critical gap. These techniques are crucial for ensuring the confidentiality, integrity, and authenticity of data and control signals exchanged within microgrids, particularly in distributed architectures that rely on communication networks. While some studies address secure communication channels, there is a lack of applied research on robust authentication mechanisms, especially those suitable for diverse and potentially resource-constrained microgrid components and agents (e.g., behavioral authentication, mutual authentication protocols). Although an MAS is used for distributed control, the applied research does not explicitly detail how communication between agents is secured using techniques like encryption or digital signatures, or how trust among agents is cryptographically established and maintained. While detection and mitigation are active areas of research, a comprehensive approach encompassing identification, protection, detection, response, and recovery, as outlined in frameworks like NIST, is less evident in the applied techniques.
The lack of standard security practices was a limiting factor when developing this literature review; therefore, a great deal of insight could have been derived regarding the performance of the research articles discussed under close-to-real-world conditions. A summarized overview and a critical analysis of the existing cybersecurity landscape for MAS-based adaptive protection in microgrids were presented. Furthermore, this review identified multiple research gaps and various future research directions.

Author Contributions

Conceptualization, A.J.T.C. and M.A.-M.; methodology, A.J.T.C., M.A.-M. and J.C.H.; writing—original draft preparation, A.J.T.C. and M.A.-M.; writing—review and editing, D.M.-H., C.G.C.-G., J.C.H. and F.A.-R.; supervision, J.C.H., L.H.-C. and M.A.-M. All authors have read and agreed to the published version of the manuscript.

Funding

This research was funded by Fondocyt Grant No. FONDOCYT-2023-1-3C1-0547 and FONDOCYT-2023-1-1C3-0732 in the Dominican Republic.

Data Availability Statement

Not applicable.

Acknowledgments

The authors acknowledge the support provided by the Thematic Network 723RT0150, “Red para la integración a gran escala de energías renovables en sistemas eléctricos (RIBIERSE-CYTED)”. The authors acknowledge the support provided by the Sustainability Energy Center, ECE Department, Research & Development building, University of Puerto Rico at Mayagüez.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Abbreviations

The following abbreviations are used in this manuscript:
ACAlternating Current
ACLAgent Communication Language
AESAdvanced Encryption Standard
AGCAutomatic Generation Control
AIArtificial Intelligence
APTAdvanced Persistent Threat
AsyEAsymmetric Encryption
BESSBattery Energy Storage System
BICBidirectional Interlinking Converter
BLKBlockchain
CBCircuit Breaker
CHILController Hardware-in-the-Loop
CIPCritical Infrastructure Protection
CKKSCheon–Kim–Kim–Song
DASDistribution Automation System
DCDirect Current
DCDMDecentralized Consensus Decision-Making
DERDistributed Energy Resource
DESData Encryption Standard
DGDistributed Generation
DLDeep Learning
DMDetection And Mitigation
DNP3Distributed Network Protocol 3
DoSDenial-of-Service
DTDetection
ECCElliptic Curve Cryptography
EIoTElectrical Internet of Things
ELKElasticsearch, Logstash, and Kibana
EMSEnergy Management System
ESSEnergy Storage System
FDIFalse Data Injection
Fed-RLFederated Reinforcement Learning
FIPAFoundation for Intelligent Physical Agent
FNRFalse Negative Rate
FPRFalse Positive Rate
GOOSEGeneric Object-Oriented Substation Event
HILHardware-in-the-Loop
HMIHuman–Machine Interface
HVDCHigh-Voltage Direct Current
I-ANNInformatics Artificial Neural Network
ICTInformation and Communication Technology
IDPSIntrusion Detection Protection System
IDSIntrusion Detection System
IEDIntelligent Electronic Device
IoTInternet of Things
IPInternet Protocol
IPSInterface Protection System
ISEIntegral Squared Error
ISMSInformation Security Management System
JADEJava Agent Development Framework
JWTJson Web Token
LANLocal Area Network
LCInductance Capacitance
LCSLarge Change Sensitivity
M2MMachine-to-Machine
MAMaster Agent
MACMedia Access Control
MARLMulti-Agent Reinforcement Learning
MASMulti-Agent System
MGMicrogrid
MGCCMicrogrid Central Controller
MHDMMAS-Based Detection and Mitigation
MitMMan-in-the-Middle
MLMachine Learning
MMGMulti-Microgrid
MTMitigation
NERCNorth American Electric Reliability Corporation
NSMNetwork and System Management
OCCOne-Class Classifier
OPFOptimal Power Flow
OTOperational Technology
PCCPoint of Common Coupling
PCSPaillier Cryptosystem
PFPerformance Function
PIProportional-Integral
PKIPublic Key Infrastructure
RIResilience Index
RLReinforcement Learning
RNNRecurrent Neural Network
RSARivest–Shamir–Adleman
RTReal-Time
RTACReal-Time Automation Controller
SASlave Agent
SCADASupervisory Control and Data Acquisition
SGSmart Grid
SMVSampled Measured Value
SNTPSimple Network Time Protocol
SPoFSingle Point of Failure
SVRSupport Vector Regression
SyESymmetric Encryption
TADRTrue Attack Detection Rate
TCP/IPTransport Control Protocol/Internet Protocol
TNRTrue-Negative Rate
TPRTrue-Positive Rate
UDPUser Datagram Protocol
U.S.United States
VLANVirtual Local Area Network
W-MSRWeighted Mean Subsequence Reduced
WMSRWeighted Mean Subsequence Reduced
WSN Wireless Sensor Network

References

  1. Taher, M.A.; Tariq, M.; Sarwat, A.I. Enhancing Security in Islanded AC Microgrid: Detecting and Mitigating FDI Attacks in Secondary Consensus Control through AI-Based Method. In Proceedings of the 2023 IEEE International Conference on Energy Technologies for Future Grids, ETFG 2023, Wollongong, Australia, 3–6 December 2023. [Google Scholar] [CrossRef]
  2. Rahmoune, F.; Ait Aali, N.; El Bouzekri El Idrissi, Y. Enhancing Green Energy Security: Exploring Multi-Agent Systems Perspectives for a Secure Smart Grid Information System. Procedia Comput. Sci. 2024, 236, 485–492. [Google Scholar] [CrossRef]
  3. Patarroyo-Montenegro, J.F.; Andrade, F.; Guerrero, J.M.; Vasquez, J.C. A Linear Quadratic Regulator with Optimal Reference Tracking for Three-Phase Inverter-Based Islanded Microgrids. IEEE Trans. Power Electron. 2021, 36, 7112–7122. [Google Scholar] [CrossRef]
  4. Patarroyo-Montenegro, J.F.; Vasquez-Plaza, J.D.; Andrade, F. A State-Space Model of an Inverter-Based Microgrid for Multivariable Feedback Control Analysis and Design. Energies 2020, 13, 3279. [Google Scholar] [CrossRef]
  5. Satpathy, P.R.; Ramachandaramurthy, V.K.; Padmanaban, S. Advanced Protection Technologies for Microgrids: Evolution, Challenges, and Future Trends. Energy Strategy Rev. 2025, 58, 101670. [Google Scholar] [CrossRef]
  6. Do Nascimento, L.L.; Rolim, J.G. Multi-Agent System for Adaptive Protection in Microgrids. In Proceedings of the 2013 IEEE PES Conference on Innovative Smart Grid Technologies, ISGT LA 2013, Washington, DC, USA, 24–27 February 2013. [Google Scholar]
  7. Khazaei, A.A.; Mahmoudi, A. Decentralized Adaptive Protection Structure for Microgrids Based on Multi–Agent Systems. In Proceedings of the 2019 Iranian Conference on Renewable Energy & Distributed Generation (ICREDG), Tehran, Iran, 11–12 June 2019; pp. 1–8. [Google Scholar]
  8. Senarathna, T.S.S.; Udayanga Hemapala, K.T.M. Review of Adaptive Protection Methods for Microgrids. AIMS Energy 2019, 7, 557–578. [Google Scholar] [CrossRef]
  9. IEC 61850-8-1:2011+AMD1:2020 CSV; Communication Networks and Systems for Power Utility Automation—Part 8-1: Specific Communication Service Mapping (SCSM). International Electrotechnical Commission: Geneva, Switzerland, 2020.
  10. Abbaspour, E.; Fani, B.; Sadeghkhani, I.; Alhelou, H.H. Multi-Agent System-Based Hierarchical Protection Scheme for Distribution Networks with High Penetration of Electronically-Coupled DGs. IEEE Access 2021, 9, 102998–103018. [Google Scholar] [CrossRef]
  11. Gutierrez-Rojas, D.; Nardelli, P.H.J.; Mendes, G.; Popovski, P. Review of the State of the Art on Adaptive Protection for Microgrids Based on Communications. IEEE Trans. Industr Inform. 2021, 17, 1539–1552. [Google Scholar] [CrossRef]
  12. Alvarez-Alvarado, M.S.; Apolo-Tinoco, C.; Ramirez-Prado, M.J.; Alban-Chacón, F.E.; Pico, N.; Aviles-Cedeno, J.; Recalde, A.A.; Moncayo-Rea, F.; Velasquez, W.; Rengifo, J. Cyber-Physical Power Systems: A Comprehensive Review about Technologies Drivers, Standards, and Future Perspectives. Comput. Electr. Eng. 2024, 116, 109149. [Google Scholar] [CrossRef]
  13. Shobole, A.A.; Abafogi, M. Adaptive Protection in Smart Distribution Networks: Coordination Demonstration of Multi-Agent Systems. In Proceedings of the 2023 5th Global Power, Energy and Communication Conference (GPECOM), Cappadocia, Turkiye, 14–16 June 2023; pp. 483–488. [Google Scholar]
  14. North American Electric Reliability Corporation. 2025 ERO Reliability Risk Priorities Report; North American Electric Reliability Corporation (NERC): Atlanta, GA, USA; Washington, DC, USA, 2025; Available online: https://www.nerc.com/comm/RISC/Related%20Files%20DL/2025_RISC_ERO_Priorities_Report.pdf (accessed on 25 August 2025).
  15. Gurina, L.; Zoryna, T. Distributed Energy: Benefits of Use and Threats to Cybersecurity. In Proceedings of the 2023 International Conference on Industrial Engineering, Applications and Manufacturing, ICIEAM 2023, Sochi, Russia, 15–19 May 2023; pp. 87–92. [Google Scholar] [CrossRef]
  16. Bidram, A.; Poudel, B.; Damodaran, L.; Fierro, R.; Guerrero, J.M. Resilient and Cybersecure Distributed Control of Inverter-Based Islanded Microgrids. IEEE Trans. Industr Inform. 2020, 16, 3881–3894. [Google Scholar] [CrossRef]
  17. Zhou, Q.; Shahidehpour, M.; Alabdulwahab, A.; Abusorrah, A.; Che, L.; Liu, X. Cross-Layer Distributed Control Strategy for Cyber Resilient Microgrids. IEEE Trans. Smart Grid 2021, 12, 3705–3717. [Google Scholar] [CrossRef]
  18. Gehbauer, C.; Black, D.R. Secured Microgrid Operation for Military Facilities—Findings from a Crowd Hacking Event. In Proceedings of the 2024 IEEE Power and Energy Society Innovative Smart Grid Technologies Conference, ISGT 2024, Washington, DC, USA, 19–22 February 2024. [Google Scholar] [CrossRef]
  19. Anand, A.; Nagu, B.; Gudur, K. Transition Control and Operation of Hybrid Energy System. In Proceedings of the 2024 IEEE International Conference on Smart Power Control and Renewable Energy, ICSPCRE 2024, Rourkela, India, 19–21 July 2024. [Google Scholar]
  20. Rouhani, A.; Abasi, M.; Joorabian, M.; Davatgaran, V. Designing a Novel Optimal Energy Management to Determine the Contribution and Effect of Primary Sources on the Structure and Components Size of Smart Microgrids and Smart Buildings. In Proceedings of the 2024 9th International Conference on Technology and Energy Management, ICTEM 2024, Behshar, Iran, 14–15 February 2024. [Google Scholar]
  21. Guarnieri, M.; Bovo, A.; Giovannelli, A.; Mattavelli, P. A Real Multitechnology Microgrid in Venice: A Design Review. IEEE Ind. Electron. Mag. 2018, 12, 19–31. [Google Scholar] [CrossRef]
  22. Chae, W.-K.; Won, J.-N.; Lee, H.-J.; Kim, J.-E.; Kim, J. Comparative Analysis of Voltage Control in Battery Power Converters for Inverter-Based AC Microgrids. Energies 2016, 9, 596. [Google Scholar] [CrossRef]
  23. Eyimaya, S.E.; Altin, N. Microgrids: Definitions, Architecture, and Control Strategies; Academic Press: Cambridge, MA, USA, 2023. [Google Scholar]
  24. Sinha, R.R.; Kanwar, N. Hybrid Microgrids: Architecture, Modeling, Limitations, and Solutions; Academic Press: Cambridge, MA, USA, 2023. [Google Scholar]
  25. Weber, L.; Nasiri, A.; Hyypio, D.; Dittman, W. Modeling and Control of a Synchronous Generator in an AC Microgrid Environment. In Proceedings of the ECCE 2016—IEEE Energy Conversion Congress and Exposition, Milwaukee, WI, USA, 18–22 September 2016. [Google Scholar]
  26. Udoha, E.; Das, S.; Abusara, M. A Power Management System for Interconnected Ac Islanded Microgrids Using Back-To-Back Converter. IET Conf. Proc. 2023, 2023, 177–183. [Google Scholar] [CrossRef]
  27. De la Cruz, J.; Wu, Y.; Candelo-Becerra, J.E.; Vásquez, J.C.; Guerrero, J.M. Review of Networked Microgrid Protection: Architectures, Challenges, Solutions, and Future Trends. CSEE J. Power Energy Syst. 2024, 10, 448–467. [Google Scholar] [CrossRef]
  28. Rouhani, S.H.; Su, C.L.; Mobayen, S.; Razmjooy, N.; Elsisi, M. Cyber Resilience in Renewable Microgrids: A Review of Standards, Challenges, and Solutions. Energy 2024, 309, 133081. [Google Scholar] [CrossRef]
  29. Hussain, N.; Nasir, M.; Vasquez, J.C.; Guerrero, J.M. Recent Developments and Challenges on AC Microgrids Fault Detection and Protection Systems–A Review. Energies 2020, 13, 2149. [Google Scholar] [CrossRef]
  30. Vegunta, S.C.; Higginson, M.J.; Kenarangui, Y.E.; Li, G.T.; Zabel, D.W.; Tasdighi, M.; Shadman, A. AC Microgrid Protection System Design Challenges—A Practical Experience. Energies 2021, 14, 2016. [Google Scholar] [CrossRef]
  31. Gaggero, G.B.; Rossi, M.; Girdinio, P.; Marchese, M. Cybersecurity Issues in Communication-Based Electrical Protections. In Proceedings of the International Conference on Electrical, Computer, and Energy Technologies, ICECET 2022, Prague, Czech Republic, 20–22 July 2022. [Google Scholar] [CrossRef]
  32. Uzair, M.; Li, L.; Eskandari, M.; Hossain, J.; Zhu, J.G. Challenges, Advances and Future Trends in AC Microgrid Protection: With a Focus on Intelligent Learning Methods. Renew. Sustain. Energy Rev. 2023, 178, 113228. [Google Scholar] [CrossRef]
  33. Kaur, G.; Prakash, A.; Rao, K.U. A Critical Review of Microgrid Adaptive Protection Techniques with Distributed Generation. Renew. Energy Focus 2021, 39, 99–109. [Google Scholar] [CrossRef]
  34. Shobole, A.A.; Wadi, M. Multiagent Systems Application for the Smart Grid Protection. Renew. Sustain. Energy Rev. 2021, 149, 111352. [Google Scholar] [CrossRef]
  35. Patnaik, B.; Mishra, M.; Bansal, R.C.; Jena, R.K. AC Microgrid Protection—A Review: Current and Future Prospective. Appl. Energy 2020, 271, 115210. [Google Scholar] [CrossRef]
  36. dos Reis, F.B.; Pinto, J.O.C.P.; dos Reis, F.S.; Issicaba, D.; Rolim, J.G. Multi-Agent Dual Strategy Based Adaptive Protection for Microgrids. Sustain. Energy Grids Netw. 2021, 27, 100501. [Google Scholar] [CrossRef]
  37. Khalid, H.; Shobole, A. Existing Developments in Adaptive Smart Grid Protection: A Review. Electr. Power Syst. Res. 2021, 191, 106901. [Google Scholar] [CrossRef]
  38. Fawzy, N.; Habib, H.F.; Mohammed, O.; Brahma, S. Protection of Microgrids with Distributed Generation Based on Multiagent System. In Proceedings of the 2020 IEEE International Conference on Environment and Electrical Engineering and 2020 IEEE Industrial and Commercial Power Systems Europe (EEEIC/I&CPS Europe), Madrid, Spain, 9–12 June 2020; pp. 1–5. [Google Scholar]
  39. Albarakati, J.A.; Azeroual, M.; Boujoudar, Y.; EL Iysaouy, L.; Aljarbouh, A.; Tassaddiq, A.; EL Markhi, H. Multi-Agent-Based Fault Location and Cyber-Attack Detection in Distribution System. Energies 2023, 16, 224. [Google Scholar] [CrossRef]
  40. Aazami, R.; Esmaeilbeigi, S.; Valizadeh, M.; Javadi, M.S. Novel Intelligent Multi-Agents System for Hybrid Adaptive Protection of Micro-Grid. Sustain. Energy Grids Netw. 2022, 30, 100682. [Google Scholar] [CrossRef]
  41. De La Cruz, J.; Vasquez, J.C.; Guerrero, J.M.; Luna, E.G.; Candelo-Becerra, J.E. Adaptive Multi-Agent-Zonal Protection Scheme for AC Microgrids. In Proceedings of the 2023 25th European Conference on Power Electronics and Applications (EPE’23 ECCE Europe), Aalborg, Denmark, 4–8 September 2023; pp. 1–9. [Google Scholar]
  42. Ataei, M.A.; Gitizadeh, M. A Distributed Adaptive Protection Scheme Based on Multi-agent System for Distribution Networks in the Presence of Distributed Generations. IET Gener. Transm. Distrib. 2022, 16, 1521–1540. [Google Scholar] [CrossRef]
  43. Memon, A.A.; Kauhaniemi, K. Real-Time Hardware-in-the-Loop Testing of IEC 61850 GOOSE-Based Logically Selective Adaptive Protection of AC Microgrid. IEEE Access 2021, 9, 154612–154639. [Google Scholar] [CrossRef]
  44. Satuyeva, B.; Sultankulov, B.; Nunna, H.S.V.S.K.; Kalakova, A.; Doolla, S. Q-Learning Based Protection Scheme for Microgrid Using Multi-Agent System. In Proceedings of the 2019 International Conference on Smart Energy Systems and Technologies (SEST), Porto, Portugal, 9–11 September 2019; pp. 1–6. [Google Scholar]
  45. Rahman, M.S.; Isherwood, N.; Oo, A.M.T. Multi-Agent Based Coordinated Protection Systems for Distribution Feeder Fault Diagnosis and Reconfiguration. Int. J. Electr. Power Energy Syst. 2018, 97, 106–119. [Google Scholar] [CrossRef]
  46. Tripathi, J.M.; Yadav, N.; Mallik, S.K.; Chandel, A. A Multi-Agent Approach for Protection Coordination in a Microgrid Using JADE Platform. In Proceedings of the 2025 IEEE 1st International Conference on Smart and Sustainable Developments in Electrical Engineering, SSDEE 2025, Dhanbad, India, 28 February–2 March 2025; pp. 1–6. [Google Scholar] [CrossRef]
  47. Alzahrani, S.; Sinjari, K.; Mitra, J. Multi-Agent and State Observer-Based Technique for Microgrid Protection. IEEE Trans. Ind. Appl. 2024, 60, 2697–2705. [Google Scholar] [CrossRef]
  48. Najar, A.; Kazemi Karegar, H.; Esmaeilbeigi, S. Multi-agent Protection Scheme for Microgrid Using Deep Learning. IET Renew. Power Gener. 2024, 18, 663–678. [Google Scholar] [CrossRef]
  49. Dizioli, F.A.S.; Barra, P.H.A.; Menezes, T.S.; Lacerda, V.A.; Coury, D.V.; Fernandes, R.A.S. Multi-Agent System-Based Microgrid Protection Using Angular Variation: An Embedded Approach. Electr. Power Syst. Res. 2023, 220, 109324. [Google Scholar] [CrossRef]
  50. IEC 60870-5-104:2006/AMD1:2016/COR1:2023; Telecontrol Equipment and Systems—Part 5-104: Transmission Protocols—Network Access for IEC 60870-5-101 Using Standard Transport Profiles (Corrigendum 1 to Amendment 1). International Electrotechnical Commission: Geneva, Switzerland, 2023.
  51. Abbaspour, E.; Fani, B.; Karami-Horestani, A. Adaptive Scheme Protecting Renewable-Dominated Micro-Grids against Usual Topology-Change Events. IET Renew. Power Gener. 2021, 15, 2686–2698. [Google Scholar] [CrossRef]
  52. Uzair, M.; Li, L.; Zhu, J.G.; Eskandari, M. A Protection Scheme for AC Microgrids Based on Multi-Agent System Combined with Machine Learning. In Proceedings of the 2019 29th Australasian Universities Power Engineering Conference (AUPEC), Nadi, Fiji, 26–29 November 2019; pp. 1–6. [Google Scholar]
  53. Abbaspour, E.; Fani, B.; Heydarian-Forushani, E. A Bi-Level Multi Agent Based Protection Scheme for Distribution Networks with Distributed Generation. Int. J. Electr. Power Energy Syst. 2019, 112, 209–220. [Google Scholar] [CrossRef]
  54. Faria, I.M.; Furlan, R.H.; Martins, P.E.T.; Menezes, T.S.; Oleskovicz, M.; Coury, D.V. The Proposition of a Multiagent System for Adaptive Protection of a Distribution System. In Proceedings of the 2018 Simposio Brasileiro de Sistemas Eletricos (SBSE), Niteroi, Brazil, 12–16 May 2018; pp. 1–6. [Google Scholar]
  55. Daryani, M.J.; Karkevandi, A.E. Decentralized Cooperative Protection Strategy for Smart Distribution Grid Using Multi-Agent System. In Proceedings of the 2018 6th International Istanbul Smart Grids and Cities Congress and Fair (ICSG), Istanbul, Turkey, 25–26 April 2018; pp. 134–138. [Google Scholar]
  56. Daryani, M.J.; Karkevandi, A.E.; Usta, O. Multi-Agent Approach to Wide-Area Integrated Adaptive Protection System of Microgrid for Pre- and Post-Contingency Conditions. In Proceedings of the 2018 IEEE PES Innovative Smart Grid Technologies Conference Europe (ISGT-Europe), Sarajevo, Bosnia and Herzegovina, 21–25 October 2018; pp. 1–6. [Google Scholar]
  57. Pullaguram, D.; Sahoo, S. Cyber Security Threats in Multi-Agent Microgrids. In Cyber Security for Microgrids; Institution of Engineering and Technology: Stevenage, UK, 2022; pp. 105–125. [Google Scholar]
  58. Owoputi, R.; Ray, S. Security of Multi-Agent Cyber-Physical Systems: A Survey. IEEE Access 2022, 10, 121465–121479. [Google Scholar] [CrossRef]
  59. Khatana, V.; Chakraborty, S.; Saraswat, G.; Patel, S.; Salapaka, M.V. A Distributed Malicious Agent Detection Scheme for Resilient Power Apportioning in Microgrids. In Proceedings of the IECON 2024—50th Annual Conference of the IEEE Industrial Electronics Society, Chicago, IL, USA, 3–6 November 2024; pp. 1–7. [Google Scholar] [CrossRef]
  60. Karanfil, M.; Rebbah, D.E.; Debbabi, M.; Kassouf, M.; Ghafouri, M.; Youssef, E.N.S.; Hanna, A. Detection of Microgrid Cyberattacks Using Network and System Management. IEEE Trans. Smart Grid 2023, 14, 2390–2405. [Google Scholar] [CrossRef]
  61. IEC 62351-7:2017; Power Systems Management and Associated Information Exchange—Data and Communications Security—Part 7: Network and System Management (NSM) Data Object Models. International Electrotechnical Commission: Geneva, Switzerland, 2017.
  62. Roy, S.D.; Debbarma, S.; Guerrero, J.M. Machine Learning Based Multi-Agent System for Detecting and Neutralizing Unseen Cyber-Attacks in AGC and HVDC Systems. IEEE J. Emerg. Sel. Top. Circuits Syst. 2022, 12, 182–193. [Google Scholar] [CrossRef]
  63. Al-dulaimi, F.N.S.; Kurnaz, S. Enhancing Cybersecurity and Frequency Control Efficiency in AC Islanded Microgrids: A Distributed Approach with a Stochastic Models. In Proceedings of the 2024 8th International Conference on Green Energy and Applications (ICGEA), Singapore, 14–16 March 2024. [Google Scholar] [CrossRef]
  64. Hu, B.; Zhou, C.; Tian, Y.-C.; Hu, X.; Junping, X. Decentralized Consensus Decision-Making for Cybersecurity Protection in Multimicrogrid Systems. IEEE Trans. Syst. Man. Cybern. Syst. 2021, 51, 2187–2198. [Google Scholar] [CrossRef]
  65. Zhou, T.L.; Xiahou, K.S.; Zhang, L.L.; Wu, Q.H. Multi-Agent-Based Hierarchical Detection and Mitigation of Cyber Attacks in Power Systems. Int. J. Electr. Power Energy Syst. 2021, 125, 106516. [Google Scholar] [CrossRef]
  66. Choi, I.-S.; Hong, J.; Kim, T.-W. Multi-Agent Based Cyber Attack Detection and Mitigation for Distribution Automation System. IEEE Access 2020, 8, 183495–183504. [Google Scholar] [CrossRef]
  67. Boakye-Boateng, K.; Ghorbani, A.A.; Lashkari, A.H. Securing Substations with Trust, Risk Posture, and Multi-Agent Systems: A Comprehensive Approach. In Proceedings of the 2023 20th Annual International Conference on Privacy, Security and Trust, PST 2023, Copenhagen, Denmark, 21–23 August 2023. [Google Scholar] [CrossRef]
  68. Wang, Y.; Mondal, S.; Deng, C.; Satpathi, K.; Xu, Y.; Dasgupta, S. Cyber-Resilient Cooperative Control of Bidirectional Interlinking Converters in Networked AC/DC Microgrids. IEEE Trans. Ind. Electron. 2021, 68, 9707–9718. [Google Scholar] [CrossRef]
  69. Abianeh, A.J.; Wan, Y.; Ferdowsi, F.; Mijatovic, N.; Dragicevic, T. Vulnerability Identification and Remediation of FDI Attacks in Islanded DC Microgrids Using Multiagent Reinforcement Learning. IEEE Trans. Power Electron. 2022, 37, 6359–6370. [Google Scholar] [CrossRef]
  70. Stout, W.M.S. Toward a Multi-Agent System Architecture for Insight & Cybersecurity in Cyber-Physical Networks. In Proceedings of the 2018 International Carnahan Conference on Security Technology (ICCST), Montreal, QC, Canada, 22–25 October 2018; pp. 1–5. [Google Scholar]
  71. Ogbogu, C.E.; Thornburg, J.; Okozi, S.O. Smart Grid Fault Mitigation and Cybersecurity with Wide-Area Measurement Systems: A Review. Energies 2025, 18, 994. [Google Scholar] [CrossRef]
  72. Liu, M.; Teng, F.; Zhang, Z.; Ge, P.; Sun, M.; Deng, R.; Cheng, P.; Chen, J. Enhancing Cyber-Resiliency of DER-Based Smart Grid: A Survey. IEEE Trans. Smart Grid 2024, 15, 4998–5030. [Google Scholar] [CrossRef]
  73. Jimada-Ojuolape, B.; Teh, J.; Lai, C.M. Securing the Grid: A Comprehensive Analysis of Cybersecurity Challenges in PMU-Based Cyber-Physical Power Networks. Electr. Power Syst. Res. 2024, 233, 110509. [Google Scholar] [CrossRef]
  74. Rath, S.; Nguyen, L.D.; Sahoo, S.; Popovski, P. Self-Healing Secure Blockchain Framework in Microgrids. IEEE Trans. Smart Grid 2023, 14, 4729–4740. [Google Scholar] [CrossRef]
  75. Rath, S.; Pal, D.; Sharma, P.S.; Panigrahi, B.K. A Cyber-Secure Distributed Control Architecture for Autonomous AC Microgrid. IEEE Syst. J. 2020, 15, 3324–3335. [Google Scholar] [CrossRef]
  76. Abdelkader, S.; Amissah, J.; Kinga, S.; Mugerwa, G.; Emmanuel, E.; Mansour, D.E.A.; Bajaj, M.; Blazek, V.; Prokop, L. Securing Modern Power Systems: Implementing Comprehensive Strategies to Enhance Resilience and Reliability against Cyber-Attacks. Results Eng. 2024, 23, 102647. [Google Scholar] [CrossRef]
  77. Yaacoub, J.P.; Noura, H.; Azar, J.; Salman, O.; Chahine, K. Cybersecurity in Smart Renewable Energy Systems. In Proceedings of the 2024 International Wireless Communications and Mobile Computing (IWCMC), Ayia Napa, Cyprus, 27–31 May 2024; pp. 1534–1540. [Google Scholar]
  78. Nair, P.S.; Mandal, S.K.; Sharma, N. Securing Smart Microgrids: A Cybersecurity Survey. In Proceedings of the 2023 International Conference on Power Energy, Environment & Intelligent Control (PEEIC), Greater Noida, India, 19–23 December 2023; pp. 1318–1322. [Google Scholar]
  79. Rath, S.; Das, T.; Sengupta, S. Improvise, Adapt, Overcome: Dynamic Resiliency Against Unknown Attack Vectors in Microgrid Cybersecurity Games. IEEE Trans. Smart Grid 2024, 15, 4245–4258. [Google Scholar] [CrossRef]
  80. Tripathy, M.; Niyogi, R.; Kumar, P.S.; Kumbhar, G.B.; Singh, R.; Thakur, V. A Novel Approach for Detection of Cyber Attacks in Microgrid SCADA System. In Proceedings of the 2023 IEEE 3rd International Conference on Sustainable Energy and Future Electric Transportation (SEFET), Bhubaneswar, India, 9–12 August 2023; pp. 1–6. [Google Scholar]
  81. Abraham, D.; Toftegaard, Ø.; Retnam, B.B.J.D.; Gebremedhin, A.; Yayilgan, S.Y. Consequence Simulation of Cyber Attacks on Key Smart Grid Business Cases. Front. Energy Res. 2024, 12, 1395954. [Google Scholar] [CrossRef]
  82. Khalaf, M.; Ayad, A.; Tushar, M.H.K.; Kassouf, M.; Kundur, D. A Survey on Cyber-Physical Security of Active Distribution Networks in Smart Grids. IEEE Access 2024, 12, 29414–29444. [Google Scholar] [CrossRef]
  83. Anderson, J.; Bougie, J.; Dood, M.; Falk, H.; Formea, J.; Haveron, S.; Holstein, D.; Lacroix, M.; Laughner, T.; Mix, S.; et al. Task Force on Utility & Municipality Challenges on Analyzing and Implementing Cybersecurity Standards and Best Practices. Available online: https://resourcecenter.ieee-pes.org/publications/technical-reports/pes_tr_tr116_psccc_100824 (accessed on 9 September 2025).
  84. Hasan, M.K.; Abdulkadir, R.A.; Islam, S.; Gadekallu, T.R.; Safie, N. A Review on Machine Learning Techniques for Secured Cyber-Physical Systems in Smart Grid Networks. Energy Rep. 2024, 11, 1268–1290. [Google Scholar] [CrossRef]
  85. IEC 62443-2-4:2015; Security for Industrial Automation and Control Systems—Part 2-4: Security Program Requirements for IACS Service Providers. International Electrotechnical Commission: Geneva, Switzerland, 2015.
  86. Téglásy, B.Z.; Gran, B.A.; Katsikas, S.; Gkioulos, V.; Lundteigen, M.A. Clarification of the Cybersecurity and Functional Safety Interrelationship in Industrial Control Systems: Barrier Concepts and Essential Functions. In Proceedings of the 30th European Safety and Reliability Conference and the 15th Probabilistic Safety Assessment and Management Conference, Venice, Italy, 1–5 November 2020; pp. 1980–1987. [Google Scholar]
  87. ISO/IEC 27000:2018; Information Technology—Security Techniques—Information Security Management Systems—Overview and Vocabulary. International Organization for Standardization/International Electrotechnical Commission: Geneva, Switzerland, 2018.
  88. Culot, G.; Nassimbeni, G.; Podrecca, M.; Sartor, M. The ISO/IEC 27001 Information Security Management Standard: Literature Review and Theory-Based Research Agenda. TQM J. 2021, 33, 76–105. [Google Scholar] [CrossRef]
  89. IEEE 2030-2011; IEEE Guide for Smart Grid Interoperability of Energy Technology and Information Technology Operation with the Electric Power System (EPS), and End-Use Applications, and Loads. Institute of Electrical and Electronics Engineers (IEEE): New York, NY, USA, 2011.
  90. Hasan, M.K.; Habib, A.A.; Shukur, Z.; Ibrahim, F.; Islam, S.; Razzaque, M.A. Review on Cyber-Physical and Cyber-Security System in Smart Grid: Standards, Protocols, Constraints, and Recommendations. J. Netw. Comput. Appl. 2023, 209, 103540. [Google Scholar] [CrossRef]
  91. IEEE 1686-2022; Standard for Intelligent Electronic Devices Cybersecurity Capabilities. IEEE (Institute of Electrical and Electronics Engineers): New York, NY, USA, 2022.
  92. IEEE 1547.3-2007; Guide for Monitoring, Information Exchange, and Control of Distributed Resources Interconnected with Electric Power Systems. IEEE: New York, NY, USA, 2007.
  93. IEEE 1402-2021; Guide for Physical Security of Electric Power Substations. IEEE: New York, NY, USA, 2021.
  94. IEEE C37.240-2014; Standard Cybersecurity Requirements for Substation Automation, Protection, and Control Systems. IEEE: New York, NY, USA, 2014.
  95. Alsafran, A.S. A Feasibility Study of Implementing IEEE 1547 and IEEE 2030 Standards for Microgrid in the Kingdom of Saudi Arabia. Energies 2023, 16, 1777. [Google Scholar] [CrossRef]
  96. Kim, Y.-S.; Lee, G.; Kang, J. Lightweight IEC 61850 Secure Communication Module for Microgrids. In Lecture Notes on Data Engineering and Communications Technologies; Springer: Cham, Switzerland, 2017; Volume 2, pp. 443–451. [Google Scholar] [CrossRef]
  97. Cusimano, J. Overview of ISA 62443 and Its Relationship to the NIST Framework. In Proceedings of the ISA Process Control and Safety Symposium 2014, PCS 2014, Houston, TX, USA, 7–9 October 2014; pp. 859–872. [Google Scholar]
  98. Goodwin, S. The Need for a Financial Sector Legal Standard to Support the NIST Cybersecurity Framework. In Proceedings of the IEEE Southeast Con, Mobile, AL, USA, 26 March–3 April 2022; pp. 89–95. [Google Scholar]
  99. Wang, L.; Zhang, P.; Tang, Z. Programmable Crypto-Control for Networked Microgrids. In Microgrids; Wiley: Hoboken, NJ, USA, 2024; pp. 335–357. [Google Scholar]
  100. Cheng, Z.; Ye, F.; Cao, X.; Chow, M.-Y. A Homomorphic Encryption-Based Private Collaborative Distributed Energy Management System. IEEE Trans. Smart Grid 2021, 12, 5233–5243. [Google Scholar] [CrossRef]
  101. Zhuo, Q.; Zhang, H.; Hu, X. A Homomorphic Cryptography Based Privacy-Preserving Consensus Algorithm with Event-Triggering in Distributed Energy Management. In Proceedings of the 2021 40th Chinese Control Conference (CCC), Shanghai, China, 26–28 July 2021; pp. 6772–6777. [Google Scholar]
  102. Liu, B.; Wu, J.; Chai, L. Distributed Privacy-Preserving Algorithm for Economic Dispatch and Demand Response of Smart Grid with Homomorphic Encryption. IEEE Trans. Smart Grid 2025, 16, 173–182. [Google Scholar] [CrossRef]
  103. Joshi, S.; Li, R.; Bhattacharjee, S.; Das, S.K.; Yamana, H. Privacy-Preserving Data Falsification Detection in Smart Grids Using Elliptic Curve Cryptography and Homomorphic Encryption. In Proceedings of the 2022 IEEE International Conference on Smart Computing (SMARTCOMP), Helsinki, Finland, 20–24 June 2022; pp. 229–234. [Google Scholar]
  104. Raso, E.; Bracciale, L.; Gallo, P.; Bernardinetti, G.; Bianchi, G.; Sanseverino, E.R.; Loreti, P. Performance Evaluation of Cryptographic Schemes for Blockchain Security of Smart Grids. In Proceedings of the 2022 Workshop on Blockchain for Renewables Integration (BLORIN), Palermo, Italy, 2–3 September 2022; pp. 113–117. [Google Scholar]
  105. Mohamed, M.O.; Abdelaziz, A.Y.; Abo-Elyousr, F.K. Blockchain-Based Approach for Load Frequency Control of Smart Grids under Denial-of-Service Attacks. Comput. Electr. Eng. 2024, 116, 109150. [Google Scholar] [CrossRef]
  106. Awais, M.; Abbas, Q.; Tariq, S.; Warraich, S.H. Blockchain Based Secure Energy Marketplace Scheme to Motivate P2P Microgrids. Int. J. Inform. Commun. Technol. (IJ-ICT) 2022, 11, 177. [Google Scholar] [CrossRef]
  107. Sharma, D.D.; Lin, J.; Sarojwal, A.; Sharma, A.; Sharma, A. Blockchain Based Adaptive Non-Cooperative Game Strategy for Smart Power Contracts. In Proceedings of the 2023 IEEE 8th International Conference for Convergence in Technology (I2CT), Lonavla, India, 7–9 April 2023; pp. 1–6. [Google Scholar]
  108. Sabir, B.E.; Youssfi, M.; Bouattane, O.; Allali, H. Authentication Model Based on JWT and Local PKI for Communication Security in Multi-Agent Systems. In Learning and Analytics in Intelligent Systems; Springer: Cham, Switzerland, 2020; Volume 7, pp. 469–479. [Google Scholar] [CrossRef]
  109. Feng, L.; Mei, H. Research and Design of Security in Multi-Agent System. In Proceedings of the IET International Conference on Wireless Mobile and Multimedia Networks Proceedings (ICWMMN 2006), Online, 6–9 November 2006; p. 417. [Google Scholar] [CrossRef]
  110. Jiang, Y.; Du, S.; Xu, W.; Dong, Y. V2G Charging and Discharging Information Authentication Based on Blockchain Technology. In Proceedings of the 2024 IEEE 4th International Conference on Digital Twins and Parallel Intelligence, DTPI 2024, Wuhan, China, 18–20 October 2024; pp. 732–736. [Google Scholar] [CrossRef]
  111. Mahmood, S.; Gohar, M.; Choi, J.G.; Koh, S.J.; Alquhayz, H.; Khan, M. Digital Certificate Verification Scheme for Smart Grid Using Fog Computing (Fonica). Sustainability 2021, 13, 2549. [Google Scholar] [CrossRef]
  112. Ogunnusi, O.S.; Razak, S.A.; Abdullah, A.H. A Lightweight One-Pass Authentication Mechanism for Agent Communication in Multi-Agent System Based Applications. J. Teknol. 2015, 77, 1–9. [Google Scholar] [CrossRef]
  113. Mehta, P.J.; Parne, B.L.; Patel, S.J. SE-LAKAF: Security Enhanced Lightweight Authentication and Key Agreement Framework for Smart Grid Network. Peer Peer Netw. Appl. 2023, 16, 1513–1535. [Google Scholar] [CrossRef]
  114. Zhu, L.; Cao, Y.; Liao, L.; Tan, Y.; Durad, M.H.; Wang, D. Secure Group Communication in Multi-Agent Systems. WSEAS Trans. Commun. 2006, 5, 781–787. [Google Scholar]
  115. Bolgouras, V.; Ntantogian, C.; Panaousis, E.; Xenakis, C. Distributed Key Management in Microgrids. IEEE Trans. Industr. Inform. 2020, 16, 2125–2133. [Google Scholar] [CrossRef]
  116. Samuel, O.; Javaid, N.; Khalid, A.; Imrarn, M.; Nasser, N. A Trust Management System for Multi-Agent System in Smart Grids Using Blockchain Technology. In Proceedings of the GLOBECOM 2020—2020 IEEE Global Communications Conference, Taipei, Taiwan, 7–11 December 2020; pp. 1–6. [Google Scholar]
  117. Xu, M.; Qin, Y.; Mei, W.; Lin, C.; Shen, L. Lightweight Access Authentication Management Method for Complex Power End-Side Devices. In Proceedings of the Sixth International Conference on Information Science, Electrical, and Automation Engineering (ISEAE 2024), Wuhan, China, 19–21 April 2024; Volume 13275, p. 57. [Google Scholar]
  118. Boi, B.; Esposito, C. Decentralized Authentication in Microservice Architectures with SSI and DID in Blockchain. In Proceedings of the International Conference on Cloud Computing Technology and Science, CloudCom, Naples, Italy, 4–6 December 2023; pp. 216–223. [Google Scholar]
  119. Pathak, A.; Al-Anbagi, I.; Hamilton, H.J. Privacy-Preserving Authentication Mechanism for P2P Energy Trading in Smart Grid Networks. In Proceedings of the IEEE International Conference on Communications, Denver, CO, USA, 9–13 June 2024; pp. 3085–3090. [Google Scholar]
  120. Daubry, W.; Dricot, J.-M.; Henneaux, P. Decentralized Group Authentication with Membership Verification in Islanded Smart Grids. In Proceedings of the 2023 12th Mediterranean Conference on Embedded Computing (MECO), Budva, Montenegro, 6–10 June 2023; pp. 1–6. [Google Scholar]
  121. Alshowkan, M.; Evans, P.; Starke, M.; Earl, D.; Peters, N. Authentication of Smart Grid Communications Using Quantum Key Distribution. Sci. Rep. 2022, 12, 12731. [Google Scholar] [CrossRef]
  122. Mezquita, Y.; Gazafroudi, A.S.; Corchado, J.M.; Shafie-Khah, M.; Laaksonen, H.; Kamišalić, A. Multi-Agent Architecture for Peer-to-Peer Electricity Trading Based on Blockchain Technology. In Proceedings of the 2019 XXVII International Conference on Information, Communication and Automation Technologies (ICAT), Sarajevo, Bosnia and Herzegovina, 20–23 October 2019; pp. 1–6. [Google Scholar]
  123. Cheng, Z.; Chow, M.-Y. An Augmented Bayesian Reputation Metric for Trustworthiness Evaluation in Consensus-Based Distributed Microgrid Energy Management Systems with Energy Storage. In Proceedings of the 2020 2nd IEEE International Conference on Industrial Electronics for Sustainable Energy Systems (IESES), Cagliari, Italy, 1–3 September 2020; pp. 215–220. [Google Scholar]
  124. Bougueroua, N.; Mazouzi, S.; Belaoued, M.; Seddari, N.; Derhab, A.; Bouras, A. A Survey on Multi-Agent Based Collaborative Intrusion Detection Systems. J. Artif. Intell. Soft Comput. Res. 2021, 11, 111–142. [Google Scholar] [CrossRef]
  125. Isaza, G.A.; Castillo, A.G.; Duque, N.D. An Intrusion Detection and Prevention Model Based on Intelligent Multi-Agent Systems, Signatures and Reaction Rules Ontologies. In Advances in Intelligent and Soft Computing; Springer: Berlin/Heidelberg, Germany, 2009; Volume 55, pp. 237–245. [Google Scholar] [CrossRef]
  126. Ouiazzane, S.; Addou, M.; Barramou, F. A Multi-Agent Model for Network Intrusion Detection. In Proceedings of the ICSSD 2019—International Conference on Smart Systems and Data Science, Rabat, Morocco, 3–4 October 2019. [Google Scholar]
  127. Mudzingwa, D.; Agrawal, R. A Study of Methodologies Used in Intrusion Detection and Prevention Systems (IDPS). In Proceedings of the IEEE Southeastcon, Orlando, FL, USA, 15–18 March 2012. [Google Scholar]
  128. Devi, V.A.; Bhuvaneswari, E.; Tummala, R.K. Decentralized Hybrid Intrusion Detection System for Cyber Attack Identification Using Machine Learning. In Proceedings of the 2023 International Conference on Data Science, Agents and Artificial Intelligence, ICDSAAI 2023, Chennai, India, 21–23 December 2023. [Google Scholar]
  129. Mezghani, S.; Ktata, F.B. A Distributed Intelligent Agent Based Intrusion Detection System Using Deep Learning Algorithms. In Proceedings of the DTUC ‘20: Proceedings of the 2nd International Conference on Digital Tools & Uses Congress, Virtual, 7–15 October 2020. [Google Scholar]
  130. Ali, A.; Zia, A.; Razzaque, A.; Shahid, H.; Sheikh, H.T.; Saleem, M.; Yousaf, F.; Muneer, S. Enhancing Cybersecurity with Artificial Neural Networks: A Study on Threat Detection and Mitigation Strategies. In Proceedings of the 2nd International Conference on Cyber Resilience, ICCR 2024, Dubai, United Arab Emirates, 26–28 February 2024. [Google Scholar]
  131. Louati, F.; Barika Ktata, F.; Amous, I. An Intelligent Security System Using Enhanced Anomaly-Based Detection Scheme. Comput. J. 2024, 67, 2317–2330. [Google Scholar] [CrossRef]
  132. Louati, F.; Ktata, F.B.; Amous, I. Big-IDS: A Decentralized Multi Agent Reinforcement Learning Approach for Distributed Intrusion Detection in Big Data Networks. Cluster Comput. 2024, 27, 6823–6841. [Google Scholar] [CrossRef]
  133. Tesnim, Y.; Farah, J. A Multi-Agent-Based System for Intrusion Detection. In Smart Innovation, Systems and Technologies; Springer: Singapore, 2021; Volume 241, pp. 177–191. [Google Scholar] [CrossRef]
  134. Achbarou, O.; El Kiram, M.A.; Bourkoukou, O.; Elbouanani, S. A Multi-Agent System-Based Distributed Intrusion Detection System for a Cloud Computing. In Communications in Computer and Information Science; Springer: Cham, Switzerland, 2018; Volume 929, pp. 98–107. [Google Scholar] [CrossRef]
  135. Zhang, X.; Zhang, Z.; Zhang, R.; Liu, W.; Li, H.; Peng, J. Event-Triggered Resilient Recovery Learning Control Protocol for Interconnected DC Microgrids with Distributed Attack Detection. Sustain. Energy Grids Netw. 2024, 38, 101364. [Google Scholar] [CrossRef]
  136. Zhang, H.; Meng, W.; Qi, J.; Wang, X.; Zheng, W.X. Distributed Load Sharing Under False Data Injection Attack in an Inverter-Based Microgrid. IEEE Trans. Ind. Electron. 2019, 66, 1543–1551. [Google Scholar] [CrossRef]
  137. Hosseini, S.A.; Sadeghi, S.H.H.; Nasiri, A. Decentralized Adaptive Protection Coordination Based on Agents Social Activities for Microgrids with Topological and Operational Uncertainties. IEEE Trans. Ind. Appl. 2021, 57, 702–713. [Google Scholar] [CrossRef]
  138. Samkari, H.S.; Johnson, B.K. Multi-Agent Protection Scheme for Resilient Microgrid Systems with Aggregated Electronically Coupled Distributed Energy Resources. In Proceedings of the IECON 2018—44th Annual Conference of the IEEE Industrial Electronics Society, Washington, DC, USA, 21–23 October 2018; pp. 752–757. [Google Scholar]
  139. Mumtaz, F.; Khan, H.H.; Zafar, A.; Ali, M.U.; Imran, K. A State-Observer-Based Protection Scheme for AC Microgrids with Recurrent Neural Network Assistance. Energies 2022, 15, 8512. [Google Scholar] [CrossRef]
  140. Mukherjee, S.; Hossain, R.R.; Mohiuddin, S.M.; Liu, Y.; Du, W.; Adetola, V.; Jinsiwale, R.A.; Huang, Q.; Yin, T.; Singhal, A. Resilient Control of Networked Microgrids Using Vertical Federated Reinforcement Learning: Designs and Real-Time Test-Bed Validations. arXiv 2023, arXiv:2311.12264. [Google Scholar] [CrossRef]
  141. Habib, H.F.; Esfahani, M.M.; Mohammed, O. Improvement of Protection Scheme for Microgrids Using Lithium- Ion Battery during Islanding. In Proceedings of the 2018 IEEE Industry Applications Society Annual Meeting (IAS), Portland, OR, USA, 23–27 September 2018; pp. 1–8. [Google Scholar]
  142. Habib, H.F.; Esfahani, M.M.; Mohammed, O.A. Investigation of Protection Strategy for Microgrid System Using Lithium-Ion Battery During Islanding. IEEE Trans. Ind. Appl. 2019, 55, 3411–3420. [Google Scholar] [CrossRef]
  143. Diaz Caicedo, A.M.; Gómez-Luna, E.; Franco Mejia, E. Revolutionizing Protection Dynamics in Microgrids: Local Validation Environment and a Novel Global Management Control Through Multi-Agent Systems. Comput. Electr. Eng. 2024, 120, 109748. [Google Scholar] [CrossRef]
  144. Shaker, A.; Bozorg, M.; Safari, A.; Najafi-Ravadanegh, S. An Adaptive Emergency Approach for Hybrid Networked Microgrids Resilience. IEEE Access 2022, 10, 103164–103175. [Google Scholar] [CrossRef]
  145. Habib, H.F.; Mohammed, O. Decentralized Multi-Agent System for Protection and the Power Restoration Process in Microgrids. In Proceedings of the 2017 Ninth Annual IEEE Green Technologies Conference (GreenTech), Denver, CO, USA, 29–31 March 2017; pp. 358–364. [Google Scholar]
  146. Ahmad, S.; Ahn, B.; Kim, T.; Choi, J.; Chae, M.; Han, D.; Won, D. Blockchain-Integrated Resilient Distributed Energy Resources Management System. In Proceedings of the 2022 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm), Singapore, 25–28 October 2022; pp. 59–64. [Google Scholar]
  147. Babahajiani, P.; Zhang, P. Cyber-Resilient Distributed Microgrid Control. In Microgrids; Wiley: Hoboken, NJ, USA, 2024; pp. 307–334. [Google Scholar]
  148. Chhor, J.; Sourkounis, C. Networked Control Approach for Voltage Regulation with Optimal Reactive Power-Sharing. In Proceedings of the IECON 2018—44th Annual Conference of the IEEE Industrial Electronics Society, Washington, DC, USA, 21–23 October 2018; pp. 225–230. [Google Scholar]
  149. Yan, C.; Han, Y.; Yang, P.; Wang, C. Microgrid Cybersecurity: Addressing Challenges and Ensuring Resilience. In Proceedings of the 2023 IEEE 4th China International Youth Conference on Electrical Engineering, CIYCEE 2023, Chengdu, China, 8–10 December 2023. [Google Scholar] [CrossRef]
  150. Jahromi, M.Z.; Yaghoubi, E.; Yaghoubi, E.; Maghami, M.R.; Chamorro, H.R. An Innovative Real-Time Recursive Framework for Techno-Economical Self-Healing in Large Power Microgrids Against Cyber–Physical Attacks Using Large Change Sensitivity Analysis. Energies 2025, 18, 190. [Google Scholar] [CrossRef]
  151. Surinkaew, T.; Kerdphol, T. Informatics-Centric Neural Network for Distributed Energy Resources Against Diverse Cyber Threats. IEEE Trans. Industr Inform. 2024, 20, 14029–14041. [Google Scholar] [CrossRef]
  152. Nguyen, T.L.; Wang, Y.; Nguyen, H.T.; Hoang, T.T. Interconnected Microgrid Systems: Architecture, Hierarchical Control, and Implementation. In Smart Cyber-Physical Power Systems: Fundamental Concepts, Challenges, and Solutions; Wiley: Hoboken, NJ, USA, 2025. [Google Scholar]
  153. Luu, N.A.; Nguyen, T.L. Secondary Control for Cyber-Physical Interconnected Microgrid Systems. Eng. Technol. Appl. Sci. Res. 2025, 15, 21944–21950. [Google Scholar] [CrossRef]
  154. Mohamed, N. Renewable Energy in the Age of AI: Cybersecurity Challenges and Opportunities. In Proceedings of the 2024 15th International Conference on Computing Communication and Networking Technologies (ICCCNT), Kamand, India, 24–28 June 2024; pp. 1–6. [Google Scholar]
Electronics 14 03663 g001
Figure 1. Methodology.
Figure 1. Methodology.
Electronics 14 03663 g001
Electronics 14 03663 g002
Figure 2. MG structure with local components and agents.
Figure 2. MG structure with local components and agents.
Electronics 14 03663 g002
Electronics 14 03663 g003
Figure 3. Taxonomy of cyberattacks in microgrids with MAS-based adaptive protection.
Figure 3. Taxonomy of cyberattacks in microgrids with MAS-based adaptive protection.
Electronics 14 03663 g003
Electronics 14 03663 g004
Figure 4. Resiliency strategies.
Figure 4. Resiliency strategies.
Electronics 14 03663 g004
Table 1. Summary of recent MAS-based approaches to adaptive protection.
Table 1. Summary of recent MAS-based approaches to adaptive protection.
Ref.VLDCMPCSCAD
[46]JADEACL
[47]MATLAB/Simulink
[48]DIgSILENT MATLABEliminates communication dependency between agents for fault isolation
[49]PSCAD/EMTD
[41]ETAP
OPAL-RT		IEC 60870 [50]
/Modbus
[39]MATLAB/Simulink
JADE		TCP/IPProtection against physical faults and cyberattack detection
[40]MATLAB/SimulinkIEC 61850Reducing telecommunication risk and minimizing time delay for single-event faults by using offline calculations
[42]MATLAB
JADE		Binary data exchange between agentsEnhances robustness against cyberattacks and one-point failures by operating in a fully distributed manner
[36]PSCAD/EMTDC JADEFIPAReduces the risk of communication failures and delays by having a backup offline protection strategy
[10]ETAPIEC 61850
[51]ETAP
MATLAB		IEC 61850Self-healing scheme that adapts based on virtual local area network (VLAN) segmentation and communication mapping
[38]Not detailed
[44]JADE
MATLAB		Blockchain for information exchange
[52]Simulink
AnyLogic
[53]ETAPIEC 61850
[7]MATLAB
[54]RSCAD
JADE
[55]MATLAB
[56]MATLABIEC 61850
Legend: CMP = Communication protocols, CSCAD = Cybersecurity-related challenges addressed, VLD = Validation method, ACL = Agent communication language, • = Unclear or not addressed.
Table 2. Overview of MAS-based MG cybersecurity approaches.
Table 2. Overview of MAS-based MG cybersecurity approaches.
Ref.ContributionCStdFCATTEUKey ToolsCSCAD
[59]Distributed detection for malicious DERDTFDIOPAL-RT, UDP
Detecting and isolating malicious DER; deviant behavior
[63]Integrates distributed stochastic control and intelligent secondary frequency controlMTFDI, DoSMATLAB
Cyberattacks on communication links and local controls
[67]MAS-based trust management system for substation riskDTDoSDocker, Python, JADE, Modbus TCP/IP
Protocol-based attacks on IEDs and SCADA HMIs
[60]Hybrid rule-based and ML anomaly detectionIEC 62351DTMitMOPAL-RT, IEC 61850 IEC-104 [9,50]
Cyberattack detection via a security monitoring platform with ML
[69]Multi-agent deep RL for vulnerability ID and detection of FDI attacksIDFDIMATLAB/Simulink, dSPACE
Maintaining stealth under compromised links; overcoming detection failure for stealthy FDIs
[62]ML-based MAS for unseen data integrity and availability attacksDTFDIUnspecified
Detecting and neutralizing unseen cyberattacks; detection using only secured training data
[39]MAS for fault location, isolation, reconfiguration, and cyberattack detectionDTFDIMATLAB/Simulink, TCP/IP, JADE
Protection against physical faults and cyberattack detection
[64]Decentralized consensus decision-making (DCDM) with blockchain for cybersecurityDMBLKBlockchain
Timely mitigation of cyberattack risks; decentralized consensus
[68]Distributed resilient control for BICs in AC/DC microgridsCOFDIMATLAB/Simulink
OPC-UA
Managing coordinated node attacks; resilient control not reliant on prompt detection/isolation
[65]Three-level hierarchical MAS for detecting and mitigating cyberattacks/physical faultsDMLAN MitMDoSMATLAB/Simulink,
TCP/IP, JADE
Detecting and mitigating cyberattacks; distinguishing from physical faults
[16]Secure intrusion mitigation for microgrid distributed control systemsMTFDIMATLAB/Simulink
Secure intrusion mitigation; ensuring connectivity under attack; restoring frequency/voltage
[66]MAS for cybersecurity-enhanced DAS with anomaly detection/mitigationIEC 62351DMMitM
DoS		MATLAB, IEC 61850
Detecting and dealing with cyberattacks in distribution system; maintaining resiliency during outage
Legend: CStd = Cybersecurity standard, ATT = Attack, EU = Encryption and authentication, FC = Focus, CSCAD = Cybersecurity-Related Challenges Addressed, DT = Detection, CO = Coordination, MT = Mitigation, ID = Identification, BLK = Blockchain, MitM = Man in the middle, FDI = False data injection, DoS = Deniel of service, • = Unclear, ✓ = Applied.
Table 3. Crosswalk of cyberattacks and their impact on MAS adaptive protection.
Table 3. Crosswalk of cyberattacks and their impact on MAS adaptive protection.
Ref.Attack TypeTarget LayerExampleImpact on MAS
[60,74,78]Data Integrity (FDI)MAS/Agent, Comm.False measurement injectionFalse fault detection, mis-tripping
[60,75,79]DoSComm. Network, MASFlooding IEC 61850 GOOSEDelayed/failed adaptive response
[76,80] MitMComm. NetworkAltered relay settingsHidden miscoordination
[75,80]Insider ThreatMAS Software, Ops.Config. sabotageLoss of coordination
[58,76,77] APT/Zero-DayAll layersPersistent infiltrationLong-term disruption of MAS
Table 4. Summary of cybersecurity-related standards for power systems.
Table 4. Summary of cybersecurity-related standards for power systems.
Ref.StandardFocus/UseKey Limitations
[12]NERC CIPWidely used in power utilities to identify cyber vulnerabilities and recommend protectionsManual, costly compliance; not tailored for microgrids or modern communication tech like Wireless Sensor Networks (WSNs)
[96]IEC 62351Enhances IEC 61850 with security for communication/data transferOptional use; introduces latency; lacks key management; vulnerable to replay, DoS, Simple Network Time Protocol (SNTP) attacks
[88]ISO/IEC 27000-seriesISMS framework, widely used in information security governanceLimited technical controls; less adaptable to resource-constrained devices; variable implementation
[81,97,98]NIST Cybersecurity FrameworkFlexible framework for critical infrastructure protectionIT centric; voluntary adoption; incomplete mapping to other standards; limited smart grid specificity
[12]IEEE StandardsTechnical protocols and cybersecurity for DER, IEDs, and substation systemsFragmented coverage; multiple standards with varying relevance to microgrid-scale protection
Table 5. Key challenges in implementing cybersecurity standards in power systems.
Table 5. Key challenges in implementing cybersecurity standards in power systems.
ChallengeDescription
Complexity of Standards
-
Proliferation of evolving, and sometimes conflicting, standards across jurisdictions complicates implementation.
Interoperability Issues
-
Inconsistent requirements and interpretations hinder seamless integration of multi-vendor systems.
Domain-Specific Gaps
-
Generic guidelines often fail to address the unique operational constraints of OT environments.
Resource Constraints
-
Limited technical expertise, funding, and time restrict comprehensive deployment, particularly in smaller utilities.
Compliance vs. Effectiveness
-
Emphasis on regulatory compliance may overshadow the pursuit of genuine security robustness.
Evolving Threat Landscape
-
The rapid evolution of attack techniques frequently outpaces the update cycles of standards.
Testing and Validation
-
Absence of standardized testbeds and validation methodologies limits assurance of effectiveness.
Legacy System Integration
-
Inability of aging infrastructure to meet modern security requirements leads to partial or insecure adaptations.
Table 6. Performance impact, threats, and key management.
Table 6. Performance impact, threats, and key management.
Ref.Encryption TypePerformanceMAS Use CasesNotes and Mitigations
[104]Symmetric authenticated encryptionLow latency, suitable for fast controlFrequent control and telemetryUse for time-critical channels; combine with mutual authentication and rolling keys
[100,101,102]Homomorphic encryption (partial/fully)High CPU utilization and latency on-devicePrivacy-preserving aggregation, distributed optimal power flow (OPF)Useful for sums/optimization; mitigate by offloading, event-triggering, or encrypting only aggregates
Table 7. Summary of authentication solutions.
Table 7. Summary of authentication solutions.
Ref.TechniqueAuthenticationDescription/UseDrawbacks
[108,109]Public Key Infrastructure (PKI)Digital CertificatesAuthenticates agents and ensures message integrity and non-repudiationPoor scalability and high management and maintenance costs
[110,111]JSON Web Token (JWT)Used with PKI for stateless, secure communication, and frequent remote callsHighly centralized is limiting for MG
[112,113]One-Pass AuthenticationLightweight MechanismsReduces communication and computational overhead, especially in large agent systemsChallenges in maintaining user anonymity and session key secrecy
Limitations in balancing efficiency, performance, and security
[114,115]Group Key ManagementGroup Re-key ProtocolsEnsures that all agents share the same encryption key for secure group communicationMost are insecure and susceptible to MitM and impersonation attacks, or are not suitable for autonomous MG
[104,116]Blockchain + ZKP-Audit, settlements, reputation, market transactions; off-chain techniques and permissioned ledgers reduce overheadHigh storage and computation, throughput limits; best for non-real-time market functions
Table 8. Summary of the scalability and performance challenges of MAS-based MG cybersecurity.
Table 8. Summary of the scalability and performance challenges of MAS-based MG cybersecurity.
Ref.Challenge AreaKey IssuesProposed ApproachesLimitations/Trade-Offs
[148,149,150] System ComplexityDER integration and advanced communication technologies increase uncertainties and complicated management.Innovative frameworks to manage disturbances without recalculating full power flow equations.Added complexity in microgrid operations.
[151] Control vs. CybersecurityDifficult to ensure optimal control performance while addressing cyber threats.I-ANN enhances robustness and damping, mitigating rapid voltage/frequency fluctuations.Replacement of PI controllers with I-ANN introduces new optimization complexities.
[59,150]Real-Time Adaptability and EfficiencyBalancing immediate updates with computational efficiency.Frameworks optimizing generation/reconfiguration under technical, economic, and reliability constraints; low-footprint attack detection.High trade-offs between updating speed and computational load.
[69,152,153]Multi-Agent CoordinationAgents must coordinate within and across microgrids during cyberattacks.Distributed malicious DER detection and isolation, modular and less delay-sensitive than centralized methods.Requires extensive data and high-performance computing.
[63,150,153]Scalability and ResilienceLarge-scale adaptability and resilience remain challenging.Large change sensitivity (LCS) method, hierarchical distributed control, bandwidth-efficient solutions.Increased complexity in communication and coordination with scale.
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Taveras Cruz, A.J.; Aybar-Mejía, M.; Colon-González, C.G.; Mariano-Hernández, D.; Hernandez, J.C.; Andrade-Rengifo, F.; Hernández-Callejo, L. Cybersecurity in MAS-Based Adaptive Protection for Microgrids—A Review. Electronics 2025, 14, 3663. https://doi.org/10.3390/electronics14183663

AMA Style

Taveras Cruz AJ, Aybar-Mejía M, Colon-González CG, Mariano-Hernández D, Hernandez JC, Andrade-Rengifo F, Hernández-Callejo L. Cybersecurity in MAS-Based Adaptive Protection for Microgrids—A Review. Electronics. 2025; 14(18):3663. https://doi.org/10.3390/electronics14183663

Chicago/Turabian Style

Taveras Cruz, Armando J., Miguel Aybar-Mejía, Carlos G. Colon-González, Deyslen Mariano-Hernández, Jesús C. Hernandez, Fabio Andrade-Rengifo, and Luis Hernández-Callejo. 2025. "Cybersecurity in MAS-Based Adaptive Protection for Microgrids—A Review" Electronics 14, no. 18: 3663. https://doi.org/10.3390/electronics14183663

APA Style

Taveras Cruz, A. J., Aybar-Mejía, M., Colon-González, C. G., Mariano-Hernández, D., Hernandez, J. C., Andrade-Rengifo, F., & Hernández-Callejo, L. (2025). Cybersecurity in MAS-Based Adaptive Protection for Microgrids—A Review. Electronics, 14(18), 3663. https://doi.org/10.3390/electronics14183663

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop