A Survey of Cyber-Physical Power System Modeling Methods for Future Energy Systems

The grid of the future will have a higher penetration of grid edge devices that enable increased automation and grid edge intelligence. The current grid models do not account for these grid-edge devices, and the creation of cyber-physical models for the grid is essential to understand the impact of these devices. Although existing cyber-physical power system (CPPS) models have been developed using a wide variety of approaches, a comprehensive review of the validity of these approaches and their suitability for modeling the future grid has not been performed. In a CPPS, the physical layer usually consists of the power grid and protection devices, whereas the cyber layer consists of communication, computation, and control components. This paper provides a review on the existing approaches to model CPPS and to characterize the inter- and intra-actions for distributed autonomous systems. The CPPS models can then be used to perform various analyses, such as cyberattack analysis, threat analysis, and resilience analysis. A qualitative evaluation criteria for the various modeling paradigm is discussed to help researchers understand the trade-offs in choosing the right modeling method for their particular application.

In other words, there are no clear evaluation criteria that 71 measure the suitability of CPPS modeling choices to the 72 requirements of their analyses. Also, these papers do not 73 consider the evolving transition of CPS in general toward 74 more distributed and autonomous environments, specifically 75 in power systems. They give additional attention to cyber-76 related analysis, including cyberattack modeling, cybersecu-77 rity evaluation, cyber-induced impacts, and cyber vulnerabil-78 ities, while providing less detail on a deeper review of the 79 technical modeling challenges of CPPS; therefore, this paper 80 is tailored to address some of these gaps and provide a guide 81 the community to better understand the trade-offs and design 82 choices in creating CPPS models, especially considering the 83 transition to distributed and autonomous environments. This paper provides a critical and comprehensive review of 86 existing methods and practices for modeling CPPS. It reviews 87 CPPS layers and as well as the corresponding inter-and 88 intra-dependencies within a CPPS. This paper also evaluates 89 current modeling methods based on a well-defined set of 90 criteria that capture CPPS characteristics. This paper will aid 91 in ongoing efforts to perform detailed analysis on CPPS by 92 helping to better understand modeling trade-offs and choices. 93 The papers selected for this literature survey are based on 94 Kitchenham's guidelines [13], with the primary objective to 95 provide a framework/background to appropriately position 96 151 CPPS are the result of integrating measurement sensors, com-152 munication networks, advanced computational technologies, 153 and intelligent automation systems into power grids. The 154 authors of [14] define CPPS as the integration of informa-155 tion and communication technologies (ICTs) into physical 156 systems. In [6], the penetrations of new communication and 157 computational technologies-including cloud computing, the 158 Internet of Things (IoT), and 5G communication systems-159 represent the evolving CPPS. Within an embedded systems 160 scope, CPPS is the integration of computing systems through 161 monitoring and control channels to the physical systems [15]. 162 In the past decade, a significant amount of work has been 163 devoted to the classification, characterization, and interac-164 tion of the cyber-physical layers of the various domains, 165 including medical systems, transportation systems, agricul-166 ture, and power systems [16], [17]. This section summarizes 167 the well-known CPPS models and layers as well as inter-and 168 intra-dependencies among these layers. 169 A. CPPS LAYERS 170 CPPS layers are classified in the existing literature as follows. 171 In [18], two layers-the grid and the cyber layers-were con-172 sidered to study the effect of failures in the control and com-173 putation sub-layers on the stability of power systems. Other 174 layers (e.g., sensing, communication, and protection) were 175 assumed to be functioning perfectly. In the case of failure of 176 the computation layer, system operators are assumed to rely 177 only on the measurements (with no assistance from the com-178 putation layer), whereas a failure of the control layer means 179 only the local automated control is assumed to function. 180 In [19], CPPS were represented by the physical and cyber 181 layer, where the latter provides three computational func-182 tions: wide measurements, protection, and control. In [20], 183 the CPPS layers were classified into two main layers-184 physical and cyber-and a connecting layer, the wide-area 185 monitoring, protection, and control. CPPS layers were been 186 classified into physical, communication, and cyber layers 187 in [21]. The authors of [22] provided a broader classification 188 of CPPS layers: monitoring, control, communication, and 189 physical layers.  Once the distinct layers of a CPPS are defined, the interac-247 tions and dependencies between the layers need to be exam-248 ined. This is discussed next.

250
A dependency in CPPS is a bidirectional relationship between 251 two or more layers such that the state of one layer influences 252 or is correlated to the state of the others. Dependencies in 253 CPPS can be classified as inter-or intra-dependencies based 254 on their scale. Interdependencies refer to interactions taking 255 place between groups (layers), whereas intra-dependencies 256 denote interactions within the same group or layer. Because 257 of the complex integration of ICT to all CPPS components, 258 it is challenging to identify the inter-and intra-dependencies 259 among CPPS layers. This subsection describes various types 260 of dependencies as well as various approaches considered in 261 the literature to model interactions in CPPS.

262
Interactions are usually classified based on the CPPS 263 layers. The authors of [26] provided a detailed guideline 264 and illustration on the interconnections between ICT layers 265 and power systems. The guideline classifies dependencies 266 among CPPS layers into (1) common cause, components of 267 both systems fail because of the same reason, i.e., a sub-268 station impacted by a hurricane; (2) cascading, a failure in 269 modeling approaches. Also, it highlights the main character-325 istics of CPPS and their corresponding impacts on proper 326 modeling. Then, a five-metric evaluation framework is dis-327 cussed to evaluate the fitness of each CPPS modeling method 328 to capture the required characteristics.

329
A. CATEGORIES OF CPPS MODELS 330 Various methods have been provided to present proper 331 CPPS models that describe system heterogeneity, informa-332 tion system characteristics, and information models. The 333 classification process relies on some main factors, includ-334 ing system time characteristics (continuous versus discrete), 335 component characteristics (physical versus cyber), and scope 336 of study or application (assessment, simulation, optimization, 337 etc.). This section provides a quick illustration of the main 338 CPPS categories.

339
The authors of [8] provided three main categories of CPPS 340 modeling: interconnection, interaction, and interdependent 341 modeling, as shown in Fig. 4. The interconnection model-342 ing captures the act of the physical and cyber systems in a 343 distinct manner; whereas the interaction modeling focuses 344 on the effect of both systems on each other. The interdepen-345 dent modeling measures the degree of dependency between 346 both systems. Though it might look difficult to differentiate 347 among the three models, each type focuses on studying CPPS 348 from a different prospective. Note also that interconnection 349 modeling mainly focuses on the component level; whereas 350 interdependent modeling is applied on the system level.

351
In [9], CPPS models are classified according to the fol-352 lowing dimensions: graphical, mechanism, probability, and 353 simulation. In the graphical dimension, graph theory and 354 complex network theory are leveraged. A CPPS model can be 355 converted into a graphical network structure that captures the 356 inner relationship between the network topology parameters 357 and the system behavior. The dynamic behavior between the 358 CPPS and the cyberattack process can be described using 359 FSM models, Petri net models, attack tree models, attack 360 graph models, and state transition diagrams. The mechanism 361 dimension aims to leverage the differential-algebraic equa-362 tions to analyze the relationship between the cyber failures 363 and the power system components. Such models include ana-364 lytical models, dynamic system-based models, hybrid system 365 models, variable structure system models, and multi-agent 366 models. The probability dimension focuses on the role of 367 uncertainties in CPPS models, including the predictability of 368 cyberattacks and the stochastic behavior of cyber and power 369 system components. Finally, the simulation dimension builds 370 a simulation model for experimental analysis.

371
Other studies have provided a simpler classification of 372 CPPS models. In [35], CPPS modeling approaches were 373 classified into: correlation matrix methodology, graph theory, 374 complex network, FSM, mathematical programming, and the 375 cellular automata method. CPPS models were classified into 376 time-driven and event-driven systems in [36]. A more generic 377 classification of CPS models was presented in [37], which 378 VOLUME 10, 2022 frame. Proper CPPS models need to consider the aforemen-414 tioned characteristics of each system and address the interface 415 challenges of integrating cyber with physical systems to pro-416 vide grid applications.

417
These grid applications rely primarily on control and com-418 putations enabled by the ICT infrastructure. In [38], a brief 419 summary of the challenges of security in controlling CPS 420 was provided. First, it is required to design a control policy 421 that ensures the stability of the overall system by considering 422 the large number of spatially distributed system components. 423 Second, comprehensive models of communication networks 424 that properly model limited capacity, random delay, packet 425 loss, and intermittent network connectivity are a must to 426 reduce the impacts of denial-of-service attacks [      In other words, minimal discrepancy should be observed 479 between the studied model and the real-world system. This  The electric power grid can be considered a system of sys-490 tems that spans large numbers of stakeholders. The conven-491 tional power system-comprising generation, transmission, 492 and distribution-has expanded to include customers, opera-493 tion, the energy market, and business services. The capability 494 of CPPS models to capture the distinctive features of these 495 players as well as their dependencies has become a necessity 496 to achieve the smart grid concept. On the other hand, the 497 transition from centralized to distributed generation resources 498 has increased the modeling complexities. Also, the spatially 499 distributed system components have resulted in increased 500 numbers of local control centers. This metric measures the 501 ability of a CPPS model to easily represent the aforemen-502 tioned distributed structure. 503

504
This criterion evaluates the suitability of the model to accu-505 rately capture the system dynamical behavior across various 506 time resolutions. At a fundamental level, the model must be 507 capable of changing from one state to another in response to 508 internal changes and external disturbances, and not remain 509 static across time; however, this criterion evaluates the per-510 formance of the model to accurately represent the changing 511 dynamic behavior of a system not only over a specific time 512 horizon but also over a large variety of system changes. For 513 example, a model that is equally capable of representing 514 slow changes over a number of years and also also capa-515 ble of capturing subsecond dynamics would be ideal. But 516 models come with various trade-offs when evaluating them 517 over various time horizons and this criterion evaluates the 518 flexibility provided by the model to accurately capture both 519 slow changes and subsecond behaviors.

522
Graph theory is one of the most widely used approaches to 523 model CPPS. Graph models provide a proper visualization-524 based approach to capture the relationship between physical 525 and cyber systems. In CPPS graphical modeling, each power 526 system component is assumed to map to a node in the cyber 527 layer. This connection is responsible for transmitting mea-528 surements from the power system to the control cyber layer 529 VOLUME 10, 2022 The main difference between graphical-based modeling

578
The authors of [11] showed the capability of a complex dominance. Also, the structural characteristics of the graph 585 model representing a power grid were presented in [45]. 586 An assessment framework based on system vulnerability and 587 the associated relative variance was presented in [46] to study 588 and assess the hierarchy of complex networks.

590
Many studies have focused on the mapping correlation 591 between the physical graph network G P and the cyber graph 592 network G C . The dependencies in CPPS have been modeled 593 in diverse approaches, including one-to-one mapping [47], 594 [48], [49], [50], one-to-multiple mapping [51], and cluster 595 mapping [52]. The one-to-one mapping between the cyber 596 nodes and the physical nodes is the most commonly used 597 approach, as shown in Fig. 6. In [53], the correlation between 598 networks was not assumed to be one-to-one but rather as a few 599 coupling edges connecting both networks at specific nodes. 600 In [54], one-to-one mapping and two-to-two mapping 601 between the physical and the cyber network was studied. Two 602 strategies were used to reduce CPPS vulnerabilities within the 603 proposed graphical model, including the degree-betweenness 604 interface strategy and the closeness centrality interface strat-605 egy. In [55], a one-to-one mapping between the physical and 606 the cyber networks was proposed considering a spatial rep-607 resentation of CPPS. The inter-dependencies between both 608 layers is represented in four basic failure modes: information 609 edge failure, information node failure, power edge failure, 610 and power node failure. In [56], a one-to-one mapping was 611 leveraged to model CPPS where four types of physical nodes 612 are assumed: generation node, consumer node, distribution 613 node, and transformer node. The presented framework was 614 used to measure the robustness of the CPS graph model 615 following a cascading failure impact.

FIGURE 7. CPPS model based on different communication channels.
A one-to-one mapping was used to model the interde-  The proposed approach can be adopted to larger CPS by 637 adding another communication channel, as shown in Fig. 8.   breakers, switches, control centers, sensors, and breaker actu-648 ators; whereas edges are selected to represent state depen-649 dencies among the various components. Directed links are 650 between nodes to visualize the energy flow and the informa-651 tion flow. Each node is associated with a state governed by the 652 dynamical system equations. Fig. 9 and Fig. 10 visualize the 653 presented CPS graph model on a simple generator substation. 654 The authors of [60] developed a graphical network model 655 by coupling different power grids with a single cyber layer, 656 as shown in Fig. 11. The power system is represented by 657 a undirected graph, and four types of nodes are modeled: 658 supply and load node (SLN), supply node (SN), load node 659 (LN), and neither supply nor load (TN). The communication 660 network is modeled as an undirected graph with three levels 661 of control centers: a regional control center (RCC), an area 662 load dispatch center (ALC), and a local control center (LCC). 663 Two sets of one-way edges are formulated based on the 664 interdependencies represented in Fig. 11.

665
The authors of [61], [62] created a many-to-one-based 666 graphical model using a graph minor where the power sys-667 tem graph is considered to be a graph minor of the cyber 668 graph, as represented in Fig. 12. This approach considers 669 that there are a number of associated cyber components to 670 a single power system component, thus having a many-to-671 one relationship. The cyber and power system graphs still 672 have a bjiective relationship, and the underlying topology for 673 both graphs is preserved by assuming that the power system 674 VOLUME 10, 2022  graph is a graph minor, which means that the power graph is 675 essentially a reduction of the larger cyber graph.

676
A scale-free graph approach was developed in [53]   In [53], a coupling framework between the electrical power 689 network and the natural gas network was presented using 690 graphical models. In [63], a graphical model was presented to 691 model CPPS for state estimation studies. A mapping method-692 ology was provided in [64] to convert an electric power 693 system into a transportation map through graphical methods. 694 The developed transportation map was to solve the economic 695 dispatch problem and the available transfer capability prob-696 lem. The paper suggests leveraging the proposed approach to 697 model similar problems in the cyber layer. In [57], a CPPS 698 graph model was used to mitigate cascading failures of a 699 power network on a communication network via a load-700 shedding mechanism.

701
In [65], a cyber-physical data-fusion framework that inte-702 grates sensor measurements from CPS and a stochastic infor-703 mation fusion algorithm was proposed to detect intrusions 704 and malicious data for enhanced situational awareness. The 705 proposed method leverages graph network methods to create 706 a connectivity matrix between different system hosts that 707 can be used to identify possible attack graphs. The created 708 attack model was converted into a hidden Markov model to 709 determine the attack path at each time instant based on a set of 710 triggered alerts. The connectivity matrix approach was lever-711 aged in [66] for improved contingency analysis of CPPS. The 712 authors of [67] leveraged one-to-one mapping between power 713 buses and phasor measurement units (PMUs) to improve state 714 estimation caused by a joint cyber and physical attack model. 715 The proposed cyber-physical model in [58] was used to 716 assess the vulnerability of CPPS against physical impact [64]. 717 In [60], the presented CPS model was used to formulate a 718 multistate failure model of physical and cyber components 719 for enhanced recovery caused by cascading failures. Recently, there has been increasing interest in the concept 722 of graph homomorphism, especially in the areas of con-723 straint satisfaction problems as applied to graphs such as 724 graph colorings. This has been explored for various applica-725 tions, such as cyber defense mechanisms [68] and sequential 726 decision-making problems. These constraint satisfaction 727 problems applied to graphs rely on techniques that can prop-

759
The authors of [54] stated that one-to-one mapping does not 760 usually capture the whole spectrum of cyber capabilities, and 761 advanced one-to-many and many-to-one coupling provide the dynamic-differential and discrete-difference equations of 782 system components. They also exhibit some limitations for 783 time-varying behavior analysis and studies.

785
These are modeling methods that leverage graph theory 786 approaches on the system-level representation rather than the 787 component-level representation. In other words, nodes of the 788 graph model usually present a system state, and branches of 789 the model capture the transition behavior between system 790 states. These methods are classified into three main cate-791 gories, as shown in Fig. 13.

793
An FSM, or sometimes simply called a state machine model, 794 is a mathematical model that represents the discrete-behavior 795 computational process [73]. In FSM, a list of sequential 796 actions is executed based on a sequence of events to change 797 from one state to another. In other words, an input triggers the 798 system to go from one state to another based on a predefined 799 transition function. In CPPS, transitions occur in the physical 800 layer, in the cyber layer, and between the cyber and physical 801 layers for different triggering events [74].

802
An FSM is a widely used mathematical approach to model 803 the interaction process of a CPPS based on the state descrip-804 tion of the dynamic behavior. It is characterized by the ability 805 to express the limited state and the relationship between tran-806 sitions [75]. A state chart diagram is usually the outcome of 807 applying an FSM, which provides a visualization of the sys-808 tem dynamic behavior. State chart diagrams have been a key 809 factor to analyze the qualitative cyber-physical interactions. 810 FSMs are classified into deterministic and non-811 deterministic based on the problem formulation [8]. An FSM-812 based problem can be represented as follows:  [92]. Two advantages of 892 using this model is their capability to extensively describe all 893 types of attacks from a detection prospective and the possibil-894 ity to define multiple system states based on the CPS safety 895 levels [9]. This model features the adaptability to changing 896 trends in system states and stochastic attack behavior. In [93], 897 a state transition diagram was used to evaluate the reliabil-898 ity of CPPS against communication failures. Also, an auto-899 mated cognition model was introduced in [94], leveraging a 900 semi-MDP to model CPPS for risk assessment.

902
Though FSM models can provide advanced features-903 including composite state, entry and exit actions, state transi-904 tions, and guard conditions-there still exist a few challenges 905 in the process of implementation, including poor reusability, 906 difficult maintenance, and unsuitable quantization.

907
Petri net models are very convenient to capture the 908 condition of the system change and the corresponding conse-909 quences on the system state, but such methods lack the capa-910 bility to provide changes in data values or system attributes. 911 Also, the scalability of Petri net models to large complex 912 systems is still a challenge. As the system size increases, the 913 computational time exponentially increases as a results of the 914 increased environment restrictions.
where P T and P G are the mechanical and electrical powers 969 of the turbine and the generator, respectively; J G , D G , and 970 T g are the moment of inertia, the damping factor, and the 971 time constant of the generator; T u is the time constant of the 972 turbine; e T is the valve position coefficient; and ω G and a 973 are the generator output frequency and the valve opening, 974 respectively.

975
Following the same convention, a model of the 976 cyber-physical load module can be formulated as follows: where L is the discrete load energy; P L is the electrical energy 981 delivered by the network to the load; J L and D L are the 982 parameters of a converted load model, with ω L representing 983 its local physical state; T is the sampling period; E L is a 984 zero array, with one at the corresponding time instant; and L k 985 is the sequence of the load values preceding the current time 986 instant.

987
The presented model in [62] and [97] can capture the 988 controllability and observability of the system under study. 989 In [98], a hypothetical investigation of the CPPS dynamic 990 model on a large scale was provided. A multilayered orga-991 nization of complex CPPS was presented that captures both 992 the local interactions among subsystem components and the 993 intraactions between subsystems.

995
In a multi-agent system, each physical entity or physical 996 subsystem is represented by a single agent. Internal agent 997 information is exchanged among all agents through com-998 munication networks. This approach is very convenient for 999 distributed systems because it provides an effective control 1000 approach for various DERs in a flexible and timely manner. 1001 Also, the multi-agent approach features excellent autonomy, 1002 flexible adaptability, easy coordination, and social stability. 1003 A control-based approach based on flocking theory for 1004 CPPS was proposed in [99]. The presented framework aims 1005 to improve the stability of a power system after a cyberattack 1006 considering the interactions between the cyber and physical 1007 layers. An exploration method was provided to synergisti-1008 cally harness the information and the physical couplings, then 1009 a control method was formulated to control the DERs for 1010 enhanced stability. CPPS is split into clusters, each repre-1011 sented by a few agents that capture the local system interac-1012 tions and the local control information. The state-space model 1013 of each agent is formulated using a set of dynamic equations 1014 capturing the behavior of the assigned cluster. Agents with 1015 high physical coherency are grouped into the same cluster. 1016 The dynamics of the presented framework for stability-based 1017 studies are formulated as follows: feedback system was presented, highlighting the scalability 1073 on larger systems.

1074
A distributed framework of a network control system was 1075 provided in [110] for the wide-area measurement application 1076 of CPPS, as shown in Fig. 14. The proposed framework 1077 comprises three control loops: (1) distributed state estimation 1078 and control, (2) software-defined networking (SDN)-based 1079 real-time communication network, and (3) cloud-based col-1080 lection and processing. All loops operate independently and 1081 cooperatively to maintain stable and reliable operation of the 1082 CPS. The first control loop is responsible for collecting and 1083 processing the PMU data and transmitting the control signals 1084 back to the system actuators. The second control loop serves 1085 the different wide-area applications through SDN network 1086 implementation. Finally, the spatial distribution of the PMUs 1087 with different data rates to improve the data latency and the 1088 fault latency of the second loop is managed by the third layer. 1089 In [111], a control-based framework was presented to 1090 include the role of renewable energy systems and demand 1091 response in a CPPS. The proposed methodology formulates 1092 the state-space models of CPPS at the primary, secondary, 1093 and tertiary control levels. The proposed framework was 1094 integrated with machine learning methods to determine the 1095 optimal delay assignment [112].

1097
In the dynamic system model approach, the scalability 1098 presents a major problem, considering the computational 1099 burden to solve a large set of system equations. Though the 1100 authors provided a basic guideline to implement the approach 1101 on a large scale, there are no applied research or case studies 1102 from actual deployments. Though the framework provides a 1103 unified modeling method, a few challenges still need to be 1104

1162
The authors of [54] used one-to-one mapping between the 1163 cyber and physical network to build an adjacency correlation 1164 matrix, as shown in (8).
where A is the CPPS correlation matrix, A p is the correlation 1167 matrix of the power system components, A c is the correlation 1168 matrix of the cyber and communication components, and A pc 1169 is the correlation matrix describing the connection between 1170 the power and cyber components. CPPS test beds have shown significant capabilities to eval-1264 uate the synergistic relationship between the physical and 1265 cyber system components, specifically in controlled environ-1266 ments. Also, they have been widely used in cybersecurity 1267 assessments, vulnerability analysis, intrusion detection, and 1268 mitigation strategy evaluations. The authors of [134] pro-1269 vided an extensive review on the recent simulation techniques 1270 of power systems, highlighting the importance of hybrid 1271 simulation and co-simulations to cope with the rapid inte-1272 gration of communication networks into power systems. The 1273 authors of [135] studied the various interfacing techniques 1274 between test bed components suited for different types of 1275 studies. The authors of [10] provided an extensive review on 1276 CPPS test beds detailing different types of platforms and the 1277 corresponding convenient scope of study. Also, an outlook of 1278 the future CPPS test beds was provided.

1280
Note that information on CPPS modeling approaches used in 1281 the industry at utilities, regulatory bodies, and other stake-1282 holders is not easily available in the literature. It is well 1283 known that power system control centers run complex algo-1284 rithms, such as state estimation and optimal power flow, 1285 over large areas regularly using measurements from ICT 1286 infrastructure; however, combined analysis in terms of CPPS 1287 is still rare. Power grid operators concern themselves with 1288 the evaluation of the stability of systems using contingency 1289 analysis methods, such as ''N-1'' criterion, whereas infor-1290 mation technology network operators at these control cen-1291 ters deploy traditional information technology monitoring 1292 tools, such as intrusion detection systems, to protect against 1293 cyberattacks. Although the study of cyber-induced power 1294 system failures and physics-informed information technol-1295 ogy/operational technology system protection is gaining trac-1296 tion, implementations in the industry still seem to be building 1297 toward a common framework toward CPPS modeling. Most 1298 industrial deployments seem to rely on a one-to-one mapping 1299 between the cyber and physical components to perform CPPS 1300 studies.

1302
The presented models in this section show varied levels of 1303 accuracy but rank low in overall CPPS accuracy because they 1304 specialize in one system (power or cyber) over the other. From 1305 a scalability point of view, correlation matrix approaches can 1306 be applied on large-scale systems, especially with advance-1307 ments in high-performance computing for computing over 1308 large matrices; however, cellular automata and variable struc-1309 ture methods require extensive mathematical procedures for 1310 large-scale systems. The computational burdens of proba-1311 bilistic methods significantly increase at larger scales.

1312
The fidelity feature also varies across methods. For 1313 instance, cellular automata methods have high cyber fidelity 1314 and acceptable physical fidelity, whereas correlation matrix 1315 methods and probabilistic methods have low-fidelity model-1316 ing based on the adopted level of approximations in system 1317 component modeling; however, variable structure methods have high physical, low cyber fidelity characteristics because 1319 they focus mainly on the impact of the network reconfigura-1320 tion on power system dynamics. Among these methods, cel-  On the other hand, purely graph-based approaches do not 1361 sufficiently model the state changes within the physical sys-1362 tem [136]. Also, graph models do not account for the unique 1363 characteristics of the system at various timescales nor do they 1364 capture the physical modeling [136]. Because of the high sen- Most numerical solvers dynamically adjust the step size, 1373 yielding biased solver-dependent behavior based on the 1374 selected step size. Also, Zeno behavior can be realized in 1375 some models as a result of the occurrence of an infinite 1376 number of events in a finite time interval. Having a determin-1377 istic, non-solver-dependent, and non-Zeno behavior model 1378 provides a robust and reliable testing and validation method. 1379 Consistency among the model components must be achieved 1380 to reduce the risk of divergence. As the CPS model becomes 1381 bigger, the possibility of misconnected model components 1382 increases. Validation approaches should be used to ensure 1383 correctness of connections among system components. Real-1384 istic consideration of the implementation details, including 1385 data latency and computational time, on the software level 1386 should be considered. Moreover, CPS modeling should con-1387 sider the distributed nature behavior of the system compo-1388 nents. This adds a few issues, such as disparities in time 1389 measurements, network delays, imperfect communication, 1390 consistency of the system state, and distributed consensus. 1391 Although there has been rapid evolution and improved 1392 progress in the field of modeling CPPS, several issues are 1393 still under investigation. First, many studies model the com-1394 munication or cyber layer for separate parts of the power 1395 grid, giving less interest to the interconnected communica-1396 tion network for generation, transmission, and distribution. 1397 Some studies do not fully observe the specific communication 1398 network topology and communication transmission mecha-1399 nisms, yielding less realistic modeling. The rapid advance-1400 ment in communication technologies has resulted in more 1401 efficient, low-latency, and cost-effective methods and sys-1402 tems, which calls for extensive efforts to adapt and integrate 1403 recent communication technologies, including 5G and wire-1404 less sensor networks, to CPPS.  Table 1 summarizes the rank of each modeling approach 1407 using the proposed evaluation criteria. It is obvious that each 1408 modeling approach outperforms in some characteristics, and 1409 there is no single modeling approach that fulfills all criteria. 1410 The reason behind using graph theory and complex network 1411 methods is their capability to satisfy many required charac-1412 teristics for proper CPPS modeling. This table also provides 1413 a guideline on possible integration techniques for improved 1414 modeling. For example, FSM methods can be integrated with 1415 control-based methods through proper handling of ordinary 1416 differential equations. Future research should explore combi-1417 nations of different modeling paradigms to suit the specific 1418 scenario or use case under study. In addition, techniques in 1419 the modeling process can be further refined to address the 1420 enumerated weaknesses.

1422
As noted, CPPS are transitioning to highly distributed, 1423 autonomous systems [138]. In this context, it is important 1424 for CPPS models to support distributed system modeling 1425 VOLUME 10, 2022 and analysis. This requires the system model to support the principles to adapt the system operation during an attack, and 1469 (4) including trust management schemes with different com-1470 ponents of CPS. Also, some potential solutions for improved 1471 CPPS modeling include hybrid system modeling and simu-1472 lation, heterogeneous and concurrent computational models, 1473 and functionality-architecture joint models [137].

1474
The severe impact of extreme weather events calls for 1475 comprehensive resilience-based studies of CPPS. Because 1476 conventional N − 1 or even N − 2 contingencies are not suf-1477 ficient in very tight operating conditions, the interoperability 1478 features and characteristics of CPPS might yield better sys-1479 tem performance for N − k (i.e., k > 1) contingencies. Also, 1480 cyber resilience evaluation and enhancement methods have 1481 become a necessity. Further intensive analysis is still required 1482 to assess simultataneous and coordinated cyberattacks against 1483 multiple targets in CPPS. This also calls for introducing 1484 resilience metrics to measure and assess the performance of 1485 CPPS during severe events.

1486
The rapid growth in integrating intelligent systems into 1487 conventional power system components has resulted in expo-1488 nential increases in data sizes and rates. Also, the large 1489 amounts of data transferred from PMUs has pushed toward 1490 using data mining techniques for improved monitoring and 1491 control of CPPS. Developing a CPPS control strategy that 1492 has the capability to organize, manage, analyze, and assess 1493 the spatiotemporal-based big data has become a necessity. 1494 Data fusion approaches are being studied to overcome data 1495 problems and to improve knowledge extraction for enhanced 1496 observability.

1497
With the issuing of FERC Order 2222 and allowing energy 1498 participation from distributed energy resources, a few emerg-1499 ing factors and actions are required to be addressed. This 1500 includes incorporating the role of DER aggregators and 1501 residential energy consumers in communication and cyber 1502 systems and conducting cybersecurity assessment analysis 1503 against the induced vulnerabilities in CPPS from DER aggre-1504 gators. The impact of integrating renewable energy sources 1505 and electric vehicles on CPPS still requires further investiga-1506 tion under the cyber-physical security framework to achieve 1507 cyber-physical transactive energy systems.