A Structured Framework for Cybersecurity Assessment of Microgrids and Nanogrids
Research Article  ·  Published: 08 April 2026
ICCK Transactions on Electric Power Networks and Systems
Volume 2, Issue 2, 2026: 58-71

1 Department of Intelligent Technology in Industry, Faculty of Computer Systems and Technologies, Technical University of Sofia, 1000 Sofia, Bulgaria
2 Department of Computer Systems, Faculty of Computer Systems and Technologies, Technical University of Sofia, 1000 Sofia, Bulgaria
3 Department of Cybersecurity, Faculty of Computer Systems and Technologies, Technical University of Sofia, 1000 Sofia, Bulgaria
* Corresponding Author: Nikolay Hinov, [email protected]

Article Information

Abstract

Microgrids and nanogrids are increasingly deployed to support decentralized generation, local resilience, and renewable integration. However, their growing reliance on digital control, communication networks, cloud services, and IT–OT integration exposes them to diverse cybersecurity threats. Unlike traditional utility-scale systems, microgrids and nanogrids often operate under resource constraints, heterogeneous architectures, and limited cybersecurity expertise, making direct application of large-scale security frameworks impractical. This paper proposes a structured cybersecurity assessment framework for small- and medium-scale energy systems, supporting systematic risk identification, evaluation, and prioritization. The framework combines architectural inventory, trust-boundary analysis, threat modeling, and maturity-based assessment across six domains: governance and risk management, identity and access management, network and communication security, control-system and device security, monitoring and incident response, and physical security. Emphasis is placed on proportionality, repeatability, and actionability, enabling application across diverse operational contexts without excessive burden. An illustrative application to a campus microgrid and building nanogrid demonstrates how the framework assesses cybersecurity posture, identifies critical vulnerabilities, and defines staged mitigation roadmaps. Results indicate that a structured, context-aware assessment approach significantly improves cybersecurity awareness, investment prioritization, and resilience-oriented decision-making in decentralized energy environments. The framework offers a practical foundation for operators, designers, and policymakers seeking to enhance micro- and nanogrid security and resilience.

Keywords

cybersecurity, microgrids, nanogrids, IT/OT security, threat modeling, maturity assessment, smart inverters, resilience

Data Availability Statement

Data will be made available on request.

Funding

This work was supported by the Bulgarian National Scientific Fund under Grant KP-06-M87/2/06.12.2024 for the project “Optimization of energy consumption in small and medium enterprises based on micro and nano grids”.

Conflicts of Interest

The authors declare no conflicts of interest.

AI Use Statement

The authors declare that no generative AI was used in the preparation of this manuscript.

Ethical Approval and Consent to Participate

Not applicable.

Cite This Article

APA Style
Stanchev, P., Hinov, N., Salimov, A., Ziulqmova, B., & Redjeb, A. (2026). A Structured Framework for Cybersecurity Assessment of Microgrids and Nanogrids. ICCK Transactions on Electric Power Networks and Systems, 2(2), 58–71. https://doi.org/10.62762/TEPNS.2026.258528
Publisher's Note

ICCK stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and Permissions

Institute of Central Computation and Knowledge (ICCK) or its licensor holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
ISSN: 3070-2607 (Online)