The Dark Side of Flexibility: How Aggregated Cyberattacks Threaten the Power Grid
Daniel Myrén, Zeeshan Afzal, Mikael Asplund
TL;DR
The paper analyzes the threat of aggregated cyberattacks on flexible energy resources (FERs) to power-grid frequency stability, highlighting how higher shares of RES and FERs reduce inertia and create exploitable vulnerabilities. It formalizes four attack classes—Static, Switching, Periodic, and Combination—and evaluates their impact using a PowerWorld WSCC $9$-bus model calibrated to Swedish grid conditions, with reference to real incidents. Results show a linear relationship between attack size and frequency deviation for static attacks, while combination and periodic attacks can produce larger, sustained oscillations that stress existing frequency reserves (FFR and FCR); the 2025 FER capacity (~$1747$ MW) and its projected growth to $8000$ MW by 2030 intensify these risks. The findings emphasize the urgent need for stronger detection and mitigation strategies to protect the grid as FER capacity expands and attacks scale from local to national levels.
Abstract
Flexible energy resources are increasingly becoming common in smart grids. These resources are typically managed and controlled by aggregators that coordinate many resources to provide flexibility services. However, these aggregators and flexible energy resources are vulnerable, which could allow attackers to remotely control flexible energy resources to launch large-scale attacks on the grid. This paper investigates and evaluates the potential attack strategies that can be used to manipulate flexible energy resources to challenge the effectiveness of traditional grid stability measures and disrupt the first-swing stability of the power grid. Our work shows that although a large amount of power is required, the current flexibility capacities could potentially be sufficient to disrupt the grid on a national level.