Projections of Cyberattacks on Stability of DC Microgrids—Modeling Principles and Solution

Microgrids relying on cooperative control are supported by communications, which are highly vulnerable to cyberattacks. A significant amount of research is already carried out on the detection and mitigation of cyberattacks to secure the operation of dc microgrids. Although cyberattacks are fully capable of causing cascaded converter outages leading to full/partial system blackouts, disturbing the system stability can also be a viable target by the adversaries, which has been overlooked so far. Hence, this article focuses on addressing the instability caused by stealth cyberattacks, which can easily bypass the well-defined observability tests. In addition, this article also introduces a novel adaptive stabilization method to eliminate the unstable modes due to cyberattacks, which has been designed considering a previously defined cyberattack detection metric as an input. To investigate its feasibility, a detailed model of a stable dc microgrid is first developed. Then, considering stealth cyberattack as a nonlinear element, the describing function-based method is used to investigate system stability under attack conditions. Finally, theoretical analysis, simulation, and experimental results under various scenarios are presented to verify the effectiveness of the proposed stabilization scheme.


Projections of Cyberattacks
coordinate between sources accordingly. Based on the high vulnerability of centralized controller to a single-point-of-failure, distributed controllers have proven themselves to become a strong candidate by offering enhanced reliability, scalability, and robustness for microgrids [4]. Apart from the flexibility offered by the communication networks, their omnipresence also expose the microgrids to a wider possibility of cyberattacks. Several cyber threats have been reported in the past. In 2019, hackers exploited firewall vulnerabilities to cause periodic blind spots for grid operators in the western US causing around 10 h of disruption [5]. One of the most discussed cyberattacks surfaced in Ukraine in 2015, when its capital city suffered with one of the largest blackout as three oblenergos (energy companies) were attacked using spear-phishing emails by the adversaries. This later allowed them to gain illegitimate access into their IT networks [6]. Some of the recent threats can be seen in grid-tied PV inverter systems [8], [9] and electric vehicles [10], where the attackers seized control of vital safety functions such as braking and steering in Jeep Cherokee and Tesla's model X [11], [12]. There are many kinds of malicious attacks and infiltration techniques, including false data injection (FDI) attacks, denial of service (DoS) [13], replay attacks [14], man-in-the-middle (MITM) attacks [15], etc. Usually, these attacks can also be well-curated by the adversary, which can be defined as generalized FDIAs, commonly known as stealth attacks [16]. In general, stealth attacks can easily penetrate into networked systems without altering the system observability. These attacks can be specifically classified as coordinated intelligent attacks [17] that involves coordinated attack vectors in multiple nodes to nullify system dynamics. By compromising the confidentiality, integrity, and availability of information, the adversaries can easily affect system operation or can cause shut down of power electronic dominated grids.
Recently, many papers have investigated the impact of cyberattacks in multiconverter systems, including the identification and removal of misbehaving agents [16]- [22]. Some stealth attack detection metrics, namely, cooperative vulnerability factor (CVF) [16] and discordant element (DE) [18], are proposed to identify the presence of attack elements on voltage and current sensors in dc networks, respectively. In order for each distributed energy resource (DER) to detect any misbehavior on its neighboring DERs, a neighborhood monitoring-based attack detection mechanism is also presented using a Kullback-Liebler divergence-based criterion [19]. Further, the authors in [20] 0885-8993 © 2022 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See https://www.ieee.org/publications/rights/index.html for more information. adopted an aperiodic control strategy in which the switching frequency is randomized for encapsuling the detection mechanism to be hidden from the adversaries. IoT-based digital twins are also equipped for the resiliency of interconnected microgrids to quickly detect and mitigate different kind of cyberattacks [21]. In [22], a resilient control protocol based on trust coefficient was presented to mitigate the adverse effects of cyberattacks.
In [23] and [24], an event-driven signal reconstruction scheme was proposed to detect sophisticated categories of cyberattacks on dc microgrids. As the ongoing research on cybersecurity in power electronics is primarily focused on detecting and mitigating the prominent cyberattacks, it is timely to assess these conditions on a qualitative basis using the available disruption resources with an adversary. In short, disruption resources are the necessary collateral that allows illegitimate access into the attack target. In networked microgrids, limited disruption resources may imply access to limited nodes. The problem formulation involving limited disruption resources can be explained clearly using the 3-D cyberattack space shown in Fig. 1. The cyberattack space can be decomposed into two 2-D planes with model information as the reference entity. From the attacker's point of view, a cyberattack designed using fair disruption resources and no model information will have a negligible impact on the physical network due to the existing cyber-secure arrangements. However, considering the same situation with sufficient model information, the impact on physical system can be significant assuming that the attacker has enough resources to bypass the cyber-secure arrangements. By mapping the risk in three dimensions and comparing it with the ongoing research, the data integrity attacks in the abovementioned papers do not assume any limitation on the disruption resources for the adversary [25]. Whereas with the enhancement of security infrastructure in modern power electronic systems, the disruption of resources can be restricted. Under these circumstances, the adversary will have limited access despite having a reasonable amount of knowledge of both physical and cyber components. This situation has been reflected as A 1 in Fig. 1. One of the typical pursuits from the adversaries under this situation can be to force the microgrid to operate around boundary conditions, leading to instability. To the best of authors' knowledge, stability issues caused by cyberattacks being yet another serious concern has been overlooked so far. In fact, causing instability can be a good tactical approach by the adversary to disturb the well-established stability certificates in microgrids, which have been formalized based on the physical manifestations [26].
In this regard, the stability boundaries of microgrids due to cyber-physical interactions are already investigated in [27] and [28]. However, these stability studies are only limited to cyber disturbances, such as maximum communication delay, link failure, and packet dropouts, etc. On the other hand, stability studies for resilient controllers in the presence of unbounded cyberattacks has already been carried out in [29] and [30]. However, the design of resilient controllers in itself can be resource demanding in terms of computational complexity and system information. In contrast, the design of detect-and-isolate strategies [24] can be rather simple, scalable, and does not require any system information. Hence, comprehensive ultimate bounded stability definitions for detect-and-isolate based cybersecurity strategies for microgrids need to be outlined. The instability phenomena caused by stealth cyberattacks is introduced briefly in our previous conference paper [31], where the stability analysis of an attacked microgrid is carried out by simple simulation results.
Considering increasing vulnerabilities to cyberattacks as a potential threat in the system, this article envisions on assessing its projections on the stability of dc microgrids. First, a small-signal model of dc microgrids under the presence of stealth cyberattack elements is designed. However, as the modeling of cyberattacks can be indeterminate and unstipulated since it depends on adversary's behavior, we reverse-engineer the problem of stability of dc microgrid by exploiting the borderline conditions of the system due to stealth cyberattacks. Finally, a stabilization input is configured using a previously used cyberattack detection metric in [16], which makes it adaptive. Finally, treating cyberattack as a nonlinear input in the linearized model of dc microgrid, the describing function method is used to certify the system stability based on different magnitude of stealth cyberattack elements allocated by the adversary across the system. This article is organized as follows. Section II depicts the preliminaries of cyber-physical dc microgrid with a clearly defined problem of projections of cyberattacks on the stability of microgrids. In Section III, the modeling and stability analysis of the attacked dc microgrid is carried out. After analyzing the root cause of the stability issue, the design of the proposed adaptive stabilization approach is explained in Section IV. The ruggedness of the proposed solution is tested under various cyber-physical disturbances in Section V and experimentally validated in Section VI. Finally, Section VII concludes this article.  Cyber-physical dc microgrid with N agents (in the networked MG) with the single line structure of the ith agent. Moreover, a cooperative cyber graph is also used to assist the secondary controllers achieve distributed synchronization. Further, a cooperative vulnerability factor (CVF) C i -based detection metric is also highlighted in red [16], which ensures detection of stealth voltage attack elements in dc microgrid. each other. Apart from the physical connection, these agents are linked by communication network to exchange information. The communication network receives and delivers data among agents, providing information for each controller. Each dc/dc converter is managed by inner voltage and current controllers, as shown in Fig. 2. On top, the secondary controller, comprising of an average voltage regulator and current regulator, is used to ensure global voltage regulation and proportionate load sharing by imposing voltage offsets from each layer, respectively.

A. System Preliminaries
In Fig. 2, an undirected cyber graph is considered, where each node represents an agent, also denoted as x = {x 1 , x 2 , . . . , x N } and are linked by edges via an associated adjacency matrix, where the communication weight a ij (from node j to node i) is modeled using the specified law: where E is an edge connecting two nodes, with ψ i and ψ j being the local and neighboring node, respectively. It should be noted that if there is no cyber link between psi i and ψ j , then a ij = 0. Any given agent at ψ i node share current and voltage information with neighbors N i = {j | (ψ j , ψ i ) ∈ E}. The matrix representing incoming information can be given as, Similarly, the matrix representing outcoming information can be given as, Assembling the sending and receiving end information into a single matrix, we obtain the Laplacian matrix L = [l ij ], where l ij are its elements designed using L = D in − A G .
The objective of cooperative control is to regulate the global average voltage and realize load current sharing proportionally. In order to achieve this, the local and neighboring information are used by the secondary voltage and current regulators to adjust the local reference voltage v * i for each converter. This reference is generated using two voltage correction terms, which are responsible for average voltage regulation and proportionate load sharing, respectively, and can be given by whereV i is the estimated average voltage at the i th agent; V dcref is the nominal voltage; δ i is the current mismatch error for the i th agent between the local per-unit and neighbors' per-unit output current. The voltage observer and current regulator blocks in Fig. 2 can be mathematically represented as where τ represents the communication delay between the i th and j th agent and c is the coupling gain. Moreover, I dc i and I dc j , I max dc i and I max dc j are the measured and maximum output currents for the i th agent and j th agent, respectively.
As a result, the local reference voltage V * i for the i th agent considering the two voltage correction terms in (1) and (2) can be denoted by Using the distributed consensus algorithm for a wellconnected cyber graph in microgrid, the system objectives for dc microgrids using (1)-(5) shall converge to

B. Modeling and Detection of Stealth Attacks
Considering the possibility of false data injection attacks via many channels such as sensors, communication links, etc., [18] to disrupt the system objectives in (6), we extend our former studies on cyberattacks on voltages in (3), which can be modeled using where u a ,V denote the vector representation of the attacked control input in (3) and the average voltage, respectively. κ is a binary variable, which denotes the presence of cyberattack element by 1, or otherwise. Moreover, X a = [λ i ], ∀i ∈ N , is a matrix with the false data λ i for the ith agent. It is worth notifying that the system is not under attack, when X a = 0. Basically, the second term in (7) represents the distribution of attack elements in dc microgrid, where the attacker may inject any positive valued λ i into any agent. In simple terms, these elements can either be injected into either the measured values/sensors or the inputs/communicated values. Further, W = [w ij ] denotes a row-stochastic matrix with its elements, given by Remark I: Based on the nature of the row-stochastic matrix W in (8), the cyberattack model in (7) automatically becomes stealth as WX a = 0. However, it should be noted that the stealth cyberattacks modeled using Remark I will only adhere to (7), if and only if X a is bounded, such that the following holds true: (9) where V dc min and V dc max denote the vector representation of minimum and maximum threshold for output voltages, respectively. To detect the presence of these cyberattack elements in the system, a cooperative vulnerability factor (CVF) C i -based attack detection metric for the i th agent has already been proposed in [16], which can be mathematically represented as where h i is a positive constant; ΔV 1i and ΔV 1j are the voltage correction term from voltage observer (as shown in Fig. 2) in the i th and j th agent, respectively. Using the law of consensusability to be followed uniformly for each control layer, it has been validated theoretically in [32] that the control outputs from the secondary control layer not in consensus suggest the presence of cyberattacks in the input signals of these control layers. Using (10) as the basis of cyberattack identification, the following principle is used to certify the presence of cyberattack element in the i th agent, if: However, the constraint in (9) may not be available as an information with the adversary. In this case, an instinctive course of action from the adversary could be to inject unbounded cyberattack elements. This will trigger instability and needs to specific attention. On the other hand, it will not only affect the decision-making process of the available cybersecurity technologies, but will also put forth questions on the existing stability definitions in a networked system. To provide a clear understanding, a case study is carried out in a dc microgrid with N = 3 agents in Fig. 3 to demonstrate how unbounded attacks can be responsible for instability. In Fig. 3(a), it can be seen that when a stealth cyberattack is conducted on agents I and III at t = 1 s with its magnitude λ being 15 V, the currents are anyway being proportionately shared. However in Fig. 3(b), when a stealth attack with the magnitude λ increased to 28 V, the microgrid becomes unstable with sustained oscillations. These oscillations will not only affect their reliability of operation, but will also forbid any possible mitigation approaches, which has been illustrated in Fig. 4. Performance of cooperative vulnerability factor (CVF)-based detection metric for the stealth attack in Fig. 3(b), the oscillating behavior of C 3 will forbid the mitigation to take place as it goes below zero almost periodically. Fig. 4, where the oscillating detection trajectory of C 3 around the zero point unconditionally proceeding to the mitigation stage. Hence, an adversary with limited resources, system information and minimal effort can curate a cyberattack A 1 in Fig. 1, which has the same system impact and potential to disarm the existing cybersecurity technologies for microgrids.
Apart from the well-known security risks, instability problem arising from the cybersecurity perspective carries an elementary significance for future research. If the origin behind oscillations in dc microgrid cannot be speculated, the established stability certificates in microgrids need reinvestigation. Hence, this article provides a generalized approach for the first time to investigate the projection of cyberattacks on the stability of dc microgrids. First, we explain the modeling of stealth attacks and its inclusion principles into the small-signal model of a dc microgrid. Second, using the cyberattack element as a nonlinear input, we extend the describing function (DF) method to understand the origins of instability. Finally, we propose the adaptive stabilization scheme using the positive-definite detection metric in (11) to mitigate the unstable state caused by cyberattacks. This has been discussed in detail in the next section.

A. Modeling of Attacked DC Microgrid
A detailed model of a dc microgrid under stealth cyberattacks needs to be established. The FDI attacks are usually introduced into the control systems using many well-defined intrusion approaches. As theoretically validated and concluded in [16], injecting a balanced set of zero sum attacks into different voltage references will not affect the steady-state performance of the microgrid. However, the mechanism behind the cause of instability due to unbounded stealth attack is unclear because of the lack of modeling generalization.
For a step change in the the false data X a in (7), u a can be regarded as a discontinuous variable related to time. As a result, this attack will introduce a set of nonlinear input vectors into dc microgrid, thereby making it difficult to use the conventional small-signal stability analysis. Moreover, in a networked dc microgrid, cyberattack detection using (7) is an essential part, which corresponds to different nonzero values for various magnitudes of cyberattack elements. In this article, an estimate of the nature of the cyberattack has been reverse engineered using the magnitude of C i for mitigating the instability effectively. Hence, the model of detection part is also taken into consideration here. Hence, it is clear that the model of a networked dc microgrid can be segregated into two parts, one being nonlinear, which typically includes only the cyberattack input; and the other being linear.
In order to distinguish the positive and negative false data, the detection factor in (10) is rewritten as And the criterion for the detection of the attacked nodes can be given as By exploiting the distributed synchronization law [18] under stealth cyberattacks, LV = 0. Using (13), we can employ the sign function to represent a balanced set of zero sum attacks, which is given by where u a ∈ R N ×1 denotes the input attack vectors and F = [(f 1 ), (f 2 ), . . . , (f N )] T denotes the vectors of simplified detection factors.
Before attaining the global model of the attacked dc microgrid, the expressions of the linear part are analyzed. In secondary controller, upon injection of stealth attacks, the average voltage estimated values will be affected, and can be represented as Then, the two voltage correction terms in (1) and (2) can be expressed as where t))dt; V * (t) and I L (t) denote the column vectors of the local voltage references in (5) and inductor currents, respectively. K V P and K V I are diagonal matrices with PI controller gains to compensate the local voltage error while K I P and K I I are diagonal matrices with PI controller gains to compensate the local current error. F m is the diagonal matrix of modulator gains; T s is the diagonal matrix of switching periods for N converters.
Further, the representation for dc/dc buck converters as well as transmission lines can be given by where V in (t) and I load denote the column vector of input voltages and load currents from each agent; V br (t) and I br ( Finally, (16)- (19) are perturbed and separated into steady state and small signal equations. Neglecting the higher order terms in the small-signal equations, the model of linearized part for the dc microgrid with N agents is given by The complete model of dc microgrid in (20) can then be translated to the s-domain. In the small-signal diagram shown in Fig. 11

B. Stability Analysis of Attacked DC Microgrid
As it can be seen in Fig. 11, the global model of attacked dc microgrid includes a nonlinear and a linear part. As a result, the small-signal stability analysis is not feasible anymore. Hence, the describing function (DF) method [33] is adopted in this article to investigate the stability of microgrid under the presence of cyberattacks. This method is one of the most effective tools present in the literature, which linearize the nonlinear system for average variables using the equivalent gain theory [34]. It is an efficient frequency domain tool to study the stability of discontinuous nonlinear elements. The basic philosophy involves obtaining an output with the first harmonic component when the nonlinear function is conjoined with a sinusoidal input x = Asin(ωt). We consider the first harmonic component of the output of the nonlinear element based on the following hypothesis: 1) the nonlinear part is odd-symmetric; 2) the linear part is low-pass which holds true for the considered case study in Fig. 5. Denoting the approximate transfer function of the nonlinear part as N A , the whole system can be roughly transformed into a linear system in the frequency domain with a variable gain amplifier N A , as shown in Fig. 6. Therefore, the system with a nonlinear input can be approximately transformed into a linear system in the frequency domain with a variable gain amplifier N A [33]. By checking the relationships between −1/N A and the linear part G(s) as shown in Fig. 7, the stability of the system can be adjudged. We exploit the model of stealth cyberattacks in (14) as sign functions to extend our analysis. According to the definition, the DF of the sign function can be given by Moreover, according to the small signal diagram shown in Fig. 11, the transfer function of the linear part can be deduced, which can be given by (22) where    Nyquist criteria using the Cauchy's principle can be depicted as follows.
1) If -1/N A is not encircled by the contour of G(s), the system is stable [as shown in Fig. 7(a)].
2) If -1/N A is encircled by the contour of G(s), the system is unstable [as shown in Fig. 7(b)].
3) For the system to be critically stable, -1/N A should intersect with G(s) such that the oscillation amplitude A osc and frequency ω osc is given by [as shown in Fig. 7(c)] where G(jω) = G r (ω) + jG i (ω).
Using (21) and (22), the stability boundaries of the system were investigated for various magnitude of cyberattacks in (7), which triggered instability caused due to the proportional gain in H i PI . One of the fundamental causes behind this instability could be ascribed to the interactions between converters arising due to lower attenuation properties from the controller when  Fig. 1--this mechanism ensures that the equipped cybersecurity technologies [24], [29] operate impartially. the voltage references are abruptly changed. Hence, the overall damping of the system is affected. This has been validated in Fig. 9(a) for a dc microgrid with N = 3 agents, where the stability margin improves as K H 2 p is increased under the presence of cyberattacks. With a smaller value of K H 2 p = 1, the intersected region is also small in Fig. 9(a) whereas with a relatively larger value of K H 2 p , it can be seen that −1/N A & G(s) have no intersection. Further, −1/N A is not surrounded by G(s), which indicates that the instability caused by cyberattacks is eliminated. As a result, this problem outlines the need of an adaptive feedforward input, where the adaptive behavior needs to be enforced, only if the cyberattacks are present. Hence, it becomes the basis of the design of the proposed stabilization approach, which is discussed in the next section.

IV. PROPOSED ADAPTIVE STABILIZATION APPROACH
In this section, we will discuss about the design of the proposed stabilization approach. As outlined in the previous section, the origin of instability ascends from an improper design of the proportional gain of the current regulator K H 2 P . As a result, the system damping is affected. This provides a favorable condition to vary K H 2 P in the secondary layer during cyberattacks. Hence, a novel adaptive gain mechanism is proposed in this article, which exploits the positive-definiteness of the cooperative vulnerability factor C i in (11) during attacks. As a result, when a stealthy group of cyberattack elements of any magnitude is injected into dc microgrid, the adaptive proportional gain of the current regulator will be given by where K a is a positive gain and K H 2 P in is the previously set value of the proportional gain in the current regulator. Moreover, F is directly proportional to the magnitude of cyberattack elements, which has already been established in [16]. As a result, a feedforward input from the cyberattack detection metric is introduced as an adaptive term in (25) to solve stability issues in microgrids arising from cyberattacks. Upon substituting (25) in (20), the current regulator output can be rewritten as Using (26), the system stability will now be investigated under different operating conditions. As the communicated signals into the ith agent in (26) will always be received with a time delay τ , the stability of the networked dc microgrid will be affected when this delay exceeds a certain value. This has been studied in Fig. 9(b), where the system performance is evaluated for different values of communication delay τ . It can be seen that with the introduction of communication delay, the system goes into an unstable condition using Remark II as τ is increased. This is quite evident as there is no intersection between the linear trajectory and the nonlinear setpoint, which indicates that the system grows unstable with increasing τ . The stability framework outlined in Remark II will now be used to investigate the system stability under stealth cyberattacks for different operating conditions in dc microgrids. A clear description of the step-by-step design procedure of the proposed countermeasure has been provided in the flowchart in Fig. 8.
Before subjecting to the describing function method-based analysis, the bode plot of linear part of the system is first studied in Fig. 9(c). In Fig. 9(c), the peak value of K a = 1 is larger than the peak value of K a = 3, which means that the overshoot will be larger when K a = 1. Moreover, the bandwidth of using K a = 1 is larger than that of using K a = 3, which adjudges that the transient performance for K a = 1 is better. Therefore, a design tradeoff of K a has to be instinctively comprehended between the overshoot in voltages and converter's transient performance during cyberattacks.
In Fig. 10(a), it can be seen that −1/N A is intersected by G(s), which indicates that the system is unstable. With the decrease in load, it can be seen that the intersection region becomes larger, thereby making the system more unstable. This confirms our assertion on low system damping contributing to this instability. Furthermore, it is observed from Fig. 10(b) that with λ = 25, the considered dc microgrid almost becomes unstable upon examining the relationship between −1/N A and G(s) in Remark II. With the increase in the value of λ, the intersection region becomes even larger, leading to further instability. Hence, it can be concluded that an attacked dc microgrid is highly vulnerable to instability under low loading levels and large values of stealth cyberattacks. In Fig. 10(c), the impact of communication delay on microgrid stability during cyberattacks is investigated, while the proposed stabilization approach is active. With different values of τ and the proposed stabilization approach active with K a = 2, the Nyquist diagrams in Fig. 10(c) suggest that the system is always stable, since there is no intersection between the linear part and nonlinear part.
After conducting numerous simulations, it can be seen in Fig. 11(a) that when the global voltage reference is varied from 45 to 315 V with D = 0.3, the difference among the values of λ, which make the system unstable is quite small. In Fig. 11(b), it can be concluded that when the stabilization gain K a is very small, i.e., 0.1, the provided stabilization function cannot fully eliminate the instability caused by a large valued λ. In addition, the stability region of λ-K a for dc microgrid in Fig. 11(c) with more converters will be narrower than others, which means it will take larger value of K a to destabilize a microgrid with more converters. Fig. 11(d) indicates that with smaller K H 1 p in voltage observer, the microgrid with the proposed stabilization method  is more likely to be stable against the stealth attacks. Hence, K a needs to be selected appropriately considering the abovementioned factors to ensure adaptive stabilization for any given λ.

V. SIMULATION RESULTS
The proposed stabilization approach is tested on cyberphysical dc microgrid, as shown in Fig. 2 with N = 3 converters for a global reference of 315 V. Each agent of equal power capacity (10 kW each) comprising of a dc source and dc/dc buck converter operate to regulate the output voltage to a local reference value of V * i at their respective buses. First, its performance is gauged under stealth attacks for different values of K a . Then, its performance is validated under large and random communication delay between the converters, which explicitly affects the stability of microgrids. The simulated plant and control parameters are provided in the Appendix.
In the first scenario, the performance of dc microgrids is tested in Fig. 12 under the presence of stealth cyberattack (with a magnitude of λ = 32 V in converters I and III) with and without the proposed stabilization approach. In Fig. 12(a), once the stealth attack is initiated at t = 2 s, the microgrid immediately becomes unstable with oscillating currents from each source. It should be noted that the proposed stabilization approach is absent in Fig. 12(a). However, when it is introduced in Fig. 12(b) and (c), it can be seen that the stabilization update K a F for the attacked converters vary for the same attack magnitude, owing to different stabilization gains K a . Furthermore, the adaptive behavior of this update can be ascribed to the cyberattack detection metric F, which varies proportionately in relation with λ. It can be seen that as K a increases, the dynamic response with reduced overshoots. Although the settling time increases with increasing K a , it can not be a governing factor since secondary control layer typically demands steady-state error convergence in order of few seconds.
In the second scenario, the performance of dc microgrids is tested in Fig. 13 under the presence of stealth cyberattacks and a communication delay of 150 ms. Since time delay in exchange of information between converters already affects the stability of microgrids, the presence of cyberattack may further trigger  this problem and may cause instability even for a small delay. In fact, this aspect has been validated in Fig. 13(a) that even for a delay of 150 ms, stealth cyberattack (introduced as a step change) has made the system unstable by causing an oscillatory behavior. It is worth notifying that the time-delay stability of the same system guarantees stability up to a communication delay of 325 ms without cyberattacks [27]. However, when the proposed stabilization approach (K a = 15) is activated in Fig. 13(b), it can be seen that the system operates normally with the current being shared proportionately and the voltages regulated as per the dynamic consensus principle. It is intuitive that with the increase Fig. 14. Performance of dc microgrid when converter III is plugged out at t = 3 s under the presence of stealth attacks with K a assigned to 10-the proposed adaptive stabilization approach is able to manage large-signal disturbances. in the stabilization gain K a , the dynamic response is improved. However in Fig. 13(c), it has been shown that high-frequency oscillations arise when the value of K a is increased to 45. As a result, we can conclude that the design of the stabilization gain should always be limited within a defined value, which can be calculated using the time-delay stability analysis of (20). This aspect has not been discussed in this article for the purpose of brevity.
In the third scenario, the plug-and-play capability of the dc microgrid with the proposed stabilization approach is tested. The idea behind doing so is to investigate its response for a large-signal disturbance. In Fig. 14, it can be seen that in addition to its stabilization properties under stealth cyberattacks,  the proposed stabilization approach provides robust operation, when converter 3 is plugged out of the microgrid at t = 3 s. As a consequence, the remaining converters share the load equally, as their output current rise immediately. Moreover, it does not affect the secondary voltage controller, as the average voltages are still regulated to the global reference of 315 V.

VI. EXPERIMENTAL RESULTS
The proposed stabilization approach has been experimentally validated in a dc microgrid operating at a voltage reference V dcref of 48 V with N = 2 buck converters, as shown in Fig. 15. A single line diagram of the experimental setup is also shown in Fig. 16. Both the converters are tied radially to a programmable load (voltage-dependent mode). Each converter is controlled by dSPACE MicroLabBox DS1202 (target), with control commands from the ControlDesk from the PC (host). Using the local and neighboring measurements, the proposed stabilization approach shown in Fig. 2 is incorporated into both the distributed controllers to mitigate the stability and cybersecurity concerns, simultaneously. The experimental testbed parameters are provided in Appendix.
First, we investigate its performance on a simulation replica of the experimental setup in Fig. 15. It can be seen in Fig. 17 that when a stealth cyberattack (with a magnitude λ of 18 V) is injected simultaneously into both converters at t = 2 s, oscillations occur. However, when the stabilization method is introduced at t = 3 s, the instability is mitigated, which illustrates that the stabilization method is adapted in a wide range of power applications. In Fig. 18(a), the instability problem due to stealth cyberattack is first validated, where the output current start oscillating when the stealth cyberattack (with a magnitude λ of 18 V) is injected simultaneously into both converters. It is worth notifying that the proposed stabilization approach is not active in Fig. 18(a). Carrying on with the same stealth  cyberattack scenario in Fig. 18(a) where the currents and voltages are oscillating, the stabilization update when activated in Fig. 18(b) not only mitigates the oscillations but also provides good dynamic performance under physical disturbances later.
This has been validated in Fig. 18(b) and (c), where the system operates normally even under load changes and presence of the cyberattack A 1 . It is worth notifying that the adaptive feedforward update can be extended to mitigate unstable modes induced by any class of FDIAs, which has been theoretically validated in Section IV. As a result, it has been guaranteed that the proposed stabilization approach not only mitigates the instability caused by cyber intrusions but also contributes to the previously defined cybersecurity framework of microgrids. From an implementation perspective, this mechanism can be introduced as a plug-and-play tool alleviating the commercialization in practical field applications.

VII. CONCLUSION
As cyberattacks affect the operation and stability of cyberphysical microgrids, it is increasingly important to assess the threat from a security as well as stability perspective, simultaneously. Hence, this article first analyzes the limited resources problem of cyberattacks, which has the potential of causing a big impact on the system. It has been identified that a carefully curated pair of cyberattack (without much disruption resources) can not only compromise the system security but can also make it unstable. This kind of instability clearly diverges from the established stability definitions and certificates for microgrids. To address this gap, this article provides the modeling principles of such cyberattacks, which directly affects the system stability. It has been analyzed using the describing function method to reveal the cause of instability and then establish an adaptive stabilizing mechanism. Since cyberattacks highly contribute to this problem, the cyberattack detection metric is used to provide a stabilizing effect and adapting its behavior accordingly as per the magnitude of cyberattack. Alongside theoretical analysis, its rugged performance is tested in simulation and then validated in an experimental prototype. Since the predefined cyberattack detection metric is exploited directly in the adaptive feedforward update for mitigating stability and security issues, it can be readily introduced as a plug-and-play tool for commercialization purposes. Further focus will be provided on investigating the sensitivity analysis of the adaptive gain with respect to different system parameters, topologies, and operating conditions. We further aim to investigate to model high resolution approaches to investigate instability due to DoS attacks.

A. Simulation Parameters
The considered system consists of three converters rated equally for 10 kW. It is to be noted that the line parameter R ij is connected from the i th agent to the j th agent. Moreover, the controller gains are identical for each converter.

B. Experimental Testbed Parameters
The considered system consists of two sources with the converters rated equally for 600 W. It should be noted that the controller gains are consistent for each converter.