Securing Virtual Power Plants: Attack Vector Analysis of Cybersecurity Vulnerabilities in Ancillary Grid Services

Abstract:
Virtual Power Plants (VPPs) have emerged as critical infrastructure for grid stability, aggregating diverse Distributed Energy Resources (DERs) to provide essential ancillary services, including frequency regulation, voltage support, and emergency response capabilities.
However, the technical requirements that enable VPPs to deliver these time-critical services simultaneously create unique cybersecurity vulnerabilities that distinguish them from traditional power generation and conventional smart grid systems.
This paper establishes systematic connections between VPP technical requirements and cybersecurity threats through the integrated application of NIST and MITRE frameworks.
The objective is to reveal critical threats specifically pertaining to ancillary services, comprehensive attack vector classification using MITRE ATT&CK techniques adapted for VPP environments, and mitigation strategies that maintain operational performance while addressing identified vulnerabilities.
Published:
16 October 2025
RAISE Affiliate:
Spoke 3
Name of the Journal:
IEEE Open Journal of the Industrial Electronics Society
Publication type:
Contribution in journal
DOI:
10.1109