Abstract
Microgrid systems have gained significant prominence as compelling platforms for investigating and validating advanced power system operations due to their inherent flexibility and resilience. However, such systems are susceptible to complex cybersecurity risks that require proactive and robust defense mechanisms. Failure to address these vulnerabilities can severely undermine the coordination and power-sharing mechanisms among distributed generators (DGs). This paper introduces a cyber-physical emulation of an existing microgrid at the University of St. Thomas with its overlaid synthetic cyber network to evaluate its vulnerabilities and strengthen its security. Unlike previous testbeds that focus primarily on single-layer analysis or simplified attack models, our framework uniquely integrates real-world microgrid specifications with comprehensive cyber network emulation, enabling the first systematic evaluation of complex multi-stage attacks on operational microgrids using industry-standard protocols and structured adversarial techniques. Our results reveal that correlation analysis identified critical attack relationships. Implementing these focused security measures shows a reduction in attack success rates by 64% and improved system recovery time following disruptions, demonstrating the framework's effectiveness for enhancing microgrid resilience. Different threat scenarios, guided by the MITRE ATT&CK framework, are implemented to systematically assess the system's susceptibility to cyberattacks. Additionally, the Distributed Network Protocol 3 (DNP3) is leveraged to collect data in the form of DNP3 objects, enabling effective monitoring and control within this threat simulation. Our findings demonstrate the enhanced resilience of the microgrid when subjected to various cyber threats. Furthermore, it highlights how the proposed methodology can be scaled to safeguard larger power systems.