Fairness-Guaranteed DER Coordination Under False Data Injection Attacks

The development of the Internet of Energy (IoE) is facilitated by the integration of information technology and the growing utilization of distributed energy resources (DERs). The usage of DERs, particularly photovoltaic systems and battery energy storage systems, in IoE has revealed the potential for DERs to be leveraged for grid control. To encourage DER owners to participate in grid management, grid operators must coordinate DERs with guaranteed fairness. However, the fairness of DER coordination is now endangered due to the growing concerns about cyber attacks on DERs. This article considers false data injection attacks (FDIAs), where attackers can tamper with measurements sent to the grid operator. We study the impact of FDIAs on the fairness of the DER coordination and develop an algorithm that guarantees fairness in the presence of FDIAs. DER coordination is formulated as an optimal power flow problem that reduces voltage fluctuations and attack impacts, increases DER revenues, and ensures system-wide fairness. To achieve fair DER coordination, we propose an analog definition of fairness for different DER types and incorporate the fairness measures into DER coordination. Additionally, a robust least absolute shrinkage and selection operator regularizer is designed to forecast the actual values of fraudulent measurements and mitigate the attack’s impacts. Using a distribution feeder from the Southern California Edison system, we demonstrate the effectiveness of the proposed approach: fairness is assured both with and without attacks. Additionally, the proposed algorithm’s efficiency is justified by an average execution time of 2.56 s.


Fairness-Guaranteed DER Coordination
Under False Data Injection Attacks Yaodan Hu , Member, IEEE, Xiaochen Xian , Member, IEEE, Yier Jin , Senior Member, IEEE, and Shuo Wang , Fellow, IEEE Abstract-The development of the Internet of Energy (IoE) is facilitated by the integration of information technology and the growing utilization of distributed energy resources (DERs).The usage of DERs, particularly photovoltaic systems and battery energy storage systems, in IoE has revealed the potential for DERs to be leveraged for grid control.To encourage DER owners to participate in grid management, grid operators must coordinate DERs with guaranteed fairness.However, the fairness of DER coordination is now endangered due to the growing concerns about cyber attacks on DERs.This article considers false data injection attacks (FDIAs), where attackers can tamper with measurements sent to the grid operator.We study the impact of FDIAs on the fairness of the DER coordination and develop an algorithm that guarantees fairness in the presence of FDIAs.DER coordination is formulated as an optimal power flow problem that reduces voltage fluctuations and attack impacts, increases DER revenues, and ensures system-wide fairness.To achieve fair DER coordination, we propose an analog definition of fairness for different DER types and incorporate the fairness measures into DER coordination.Additionally, a robust least absolute shrinkage and selection operator regularizer is designed to forecast the actual values of fraudulent measurements and mitigate the attack's impacts.Using a distribution feeder from the Southern California Edison system, we demonstrate the effectiveness of the proposed approach: fairness is assured both with and without attacks.Additionally, the proposed algorithm's efficiency is justified by an average execution time of 2.56 s.

I. INTRODUCTION
T HE WIDESPREAD usage of the Internet of Things (IoT)   has led to the emergence of the Internet of Energy (IoE).By leveraging information technology (IT) and distributed energy resources (DERs), IoE outperforms traditional power grids in terms of situational awareness, reliability, stability, efficiency, and operation costs.DERs are electricity-producing resources or controllable loads deployed in the distribution system.Popular DERs include 1) renewable generations, such as photovoltaic systems (PVSs) and wind turbines; 2) energy storage, such as battery energy storage systems (BESSs) and electric vehicles; and 3) electric water heaters.The capacity of DERs in the U.S. is expected to reach 387 GW by 2025 [1], accounting for more than half of the U.S. electricity demand.This high level of DER penetration demonstrates the potential to improve power grid management by leveraging DERs flexibility and coordinating DERs.For instance, the IEEE 1547 Standard [2] mandates that PVS inverters have ride-through capabilities to stabilize the grid frequency.Toward strengthening the grid's stability and resilience to accidents, more functionalities are expected to be implemented on DERs in the near future.
In contrast to most IoT application scenarios, such as smart homes, IoE requires coordination among multiple asset owners.In order to harvest the flexibility from DERs, several mechanisms have been proposed to motivate DER owners to participate in grid management [3], [4], [5], [6].In this regard, fairness has garnered significant attention [5], [6], [7], [8], [9].An unfair DER coordination process can discourage DER owners from complying with grid requests.For example, the grid operator may request DER owners to curtail the solar power generation to mitigate the voltage rise problem while compensating them with a tariff reduction.Nevertheless, DER owners would become hesitant to participate if they were required to curtail more power or were compensated less than other DER owners.Thus, to incentivize DER owner participation, the grid operator should coordinate DERs with fairness considerations.
Despite the advance of IoE, concerns about its cybersecurity have been mounting.Compared to other grid facilities, such as substations and advanced metering infrastructures, DERs are more susceptible to attacks.Like most IoT devices, DERs have limited computational resources, which makes implementing complex defense mechanisms difficult.Moreover, DERs can be physically breached, and grid operators have limited control over them.Recent studies have exposed various vulnerabilities of DERs from both the cyber aspects [10] and the physical aspects [11].By exploiting these vulnerabilities, malicious attackers can degrade the fairness in DER coordination and make financial profits.Worse still, the longevity of equipment, as well as the security and stability of the power grid, can also be jeopardized.While there are growing concerns about attacks on DERs, there has been a notable gap in the literature regarding the impact of such attacks on fair DER coordination.In this article, we address this gap by investigating how false data injection attacks (FDIAs) can compromise the fair DER coordination process.FDIAs tamper with the measurements sent to the grid operator and can mislead the grid management.To mitigate the impact of FDIAs on grid operations, we propose a fairnessguaranteed DER coordination algorithm under attacks.The contributions of this article are summarized as follows.
1) We investigate the impact of FDIAs on the fair coordination of DERs.As far as the authors know, such a concern has not been addressed yet in the literature.We show that FDIAs can significantly degrade the performance of operations in the power grid.2) We consider a heterogenous DER environment and propose analog fairness measures for different types of DERs.We formulate the fair coordination problem as an optimal power flow (OPF) problem, and fairness is achieved by integrating the fairness measures into the optimization formulation.3) To mitigate the impact of the sparse FDIAs, we propose a robust LASSO regularizer to estimate the original measurements.The regularizer can limit the attack impacts by leveraging the system dynamics and robustly adjusting the weight balancing the penalties based on the reported measurements and the system dynamics.4) Simulations are conducted on the Southern California Edison (SCE) distribution feeder to demonstrate the effectiveness and efficiency of the proposed fairnessguaranteed DER coordination algorithm.The results show that fairness is guaranteed with and without attacks.The remainder of this article is organized as follows.Section II discusses the current literature on fair DER coordination and DER security.Section III introduces the background knowledge of this article, including PVS, BESS, system model, threat model, and a general formulation of OPF.In Section IV, we discuss the proposed definitions for fairness and the formulation and solution of fairness-guaranteed DER coordination.Section V presents the performance of the proposed work and in Section VI, we conclude our work.

A. Fair DER Coordination
The existing literature has extensively studied the fairness of DER coordination through the OPF method, with most works focusing on fairness among PV systems [5], [6], [8].Liu et al. [5] evaluated the fairness achieved by different Volt-Watt schemes using Jain's fairness index.The authors assessed fairness from different aspects, such as PV harvesting, energy export, and financial benefit.Gebbran et al. [6] proposed a hierarchical architecture to achieve fair PV curtailment across households.Specifically, three fairness metrics are proposed: 1) egalitarian; 2) proportional; and 3) uniform dynamic PV curtailment redistribution.Similarly, Lusis et al. [8] developed a centralized PV inverter coordination method called fair optimal inverter dispatch (FOID), which resulted in less power curtailment than the droop control methods.However, the increase in heterogeneity of DER requires the fairness of BESS to be addressed as well.Zeraati et al. [9] proposed a consensus control algorithm for a heterogeneous system with both PVSs and BESSs, which maximized the utilization of BESSs and minimized curtailed solar power.

B. DER Cybersecurity
The defense methods for DERs can be categorized into hardware-based and software-based methods.The hardwarebased methods utilize the hardware components, such as trusted execution environments (TEEs) [12], cryptography module [13], and device statistical features [14].Nevertheless, the hardware-based methods have limitations due to poor scalability and less administrative control over DERs.In contrast, software-based methods provide an additional layer of defense by compensating for the shortcomings of hardwarebased methods.Besides traditional cybersecurity defenses, such as firewalls and cryptography, control methods have been developed to mitigate the impacts of malicious attacks.Gholami et al. [15], designed a sliding-mode controller for DERs, which was capable of recovering the tampered data.Furthermore, a two-player zero-sum differential game was leveraged in [16] to minimize the attack impacts.To address concerns about the lack of administrative control, Hu et al. [17] proposed a risk-aware DER management (RADM) framework, in which the trustworthiness of DERs is evaluated at a control center and the DERs are coordinated based on their trustworthiness.

III. BACKGROUND
In this section, we introduce the background knowledge for the proposed DER coordination scheme.While a variety of DERs have been deployed in the distribution system, PVSs and BESSs, including electric vehicles, are most prevalent [1].For the purposes of this article, we focus on PVSs and BESSs as the DERs in the distribution system.However, it should be noted that the proposed algorithm is not limited to these specific types of DERs and can be extended to other types as well.

A. Photovoltaic Systems
A PVS consists of PV panels, dc/dc converters, a dc bus, and power inverters.The PV panels and dc/dc converters convert the solar energy to dc power at a desired dc bus voltage.The inverters convert the generated dc power to ac power.Since there are coupling inductors between the inverters and the power grid, and capacitors on the dc bus, the PVS is capable of injecting active power, and injecting or absorbing reactive powers from the power grid.Typically, an inverter controller is implemented to set the operating point of the PVS, i.e., the active and the reactive power.By default, PVSs are operated with a maximum power point tracking (MPPT) algorithm to maximize solar energy harvesting.The maximum output power of a PVS is limited by environmental factors, such as solar irradiation and temperature.Given the size and the manufacturing model of a PVS, the maximum output power can be estimated with the environmental information [18].

B. Battery Energy Storage Systems
On the other hand, BESSs are equipped with inverters and can inject or absorb active power from the power grid.The state of a BESS is described by the State of Charge (SoC), which equals the ratio of the remaining energy to the full capacity of the BESS [19].BESSs have two operation modes: 1) charging and 2) discharging.During the charging mode, BESSs absorb active power from the grid, resulting P B k < 0, where P B k is the output power of BESS at the control cycle k.Conversely, during the discharging mode, BESSs inject power to the grid and, thus, P B k > 0. The dynamics of a BESS can be depicted by the following equation: in which SoC k|k−1 denotes the a priori SoC estimation of a BESS at the control cycle k based on the SoC at the control cycle k − 1, i.e., SoC k−1 .η is the BESS round trip efficiency, which is equal to the ratio of the energy recovered to the power grid to that initially absorbed from the power grid.C B denotes the capacity of the BESS, and T is the time of a control cycle.

C. System Model
In this article, we consider a distribution system with heterogeneous DERs as shown in Fig. 1(a).The distribution system consists of several households under a substation connecting to the main grid, i.e., the utility source, with a transformer.For each household, besides various loads, a PVS and a BESS are installed, and three components are connected to the point of common coupling (PCC).For the remainder of this article, we use "household" and "DER owner" interchangeably.To maintain grid stability, a control center, such as the energy management system (EMS) of the distribution system operator (DSO), will coordinate BESSs and PVSs and set their operation points.The topology of the distribution system can be summarized with the single-line diagram shown in Fig. 1(b).We represent the single line diagram as a weighted directed graph G = (N , E) as shown in Fig. 1(c).Each node in the graph represents a bus.We use N = {1, 2, . . ., n b } to denote the set of buses and n b is the number of buses.In the rest of this article, we use "bus" and "node" interchangeably.The reference bus, denoted by bus 1, is connected to the utility source, and its voltage is set to 1 per unit (p.u.).We denote the set of links as E, where a link (l, m) exists between nodes l and m if a power line connects them.Since typically powers flow from the utility source to end users, the head l is selected as the node with the shorter distance to bus 1.The weight of the link (l, m) is decided by the complex line impedance Z lm = R lm +jX lm , in which j is the imaginary unit, R lm denotes the resistance of the line (l, m), and X lm denotes the reactance of the line (l, m).The set of households is denoted as which n h denotes the number of households.Without loss of reality, we assume that the control center has knowledge of the system graph G, the capacity of each PVS C S i , and the capacity of each BESS C B i .We also assume that the control center has access to the weather information through, for example, public weather websites.Thus, according to the capacity of each PVS, the control center can estimate the maximum power of the PVS P MPPT i,k at the control cycle k.During each control cycle k, the control center receives the active and reactive powers of household i's load, P L i,k and Q L i,k , from smart meters.Besides, the BESSs report their SoC, SoC i,k , to the control center.Based on the information, the control center calculates the desirable operation set point for the PVS i and the BESS i, including the active and the reactive power outputs of PVSs and BESSs, which are denoted as a tuple

D. Threat Model
In this article, we make several assumptions regarding the trustworthiness of the control center and the vulnerability of DERs to cyberattacks.According to regulatory requirements, the control center is trusted and is authorized to execute requests, such as active power curtailment and BESS charging/discharging to ensure grid stability.However, DERs are more vulnerable to cyberattacks because they can be physically compromised and are less closely monitored by the control center.Such attacks may be launched by external malicious parties or internal DER owners, with the aim of achieving various objectives such as financial gain, equipment damage, or grid destabilization.To this end, we assume that the attacker can carry out FDIAs on DERs to mislead grid operations.Since PVSs do not report any data to the EMS, we assume that the attacker spoofs the reported SoC.Denote the reported SoC value from the household i at the control cycle k as a i,k is the attack vector, i.e., the error added to the true SoC.If a i,k = 0, the reported SoC is tampered with.The feasibility of FDIAS on BESSs has been demonstrated in, for example, [20] and [21].Note that we do not consider attacks tampering with smart meter readings.Smart meters are typically installed and maintained by utility companies, and various anti-energy theft techniques have been developed to detect such attacks [22].

E. OPF-Based DER Coordination
Here, we introduce a general formulation of DER coordination for voltage regulation.Such a formulation has been widely adopted in existing studies, for example, [23], [24], [25], [26], and [27].The formulation may differ based on different scenarios (such as Var control and Watt control), different law regulations, and optimization objectives (such as minimizing the generation cost or the voltage fluctuation).For simplicity, we assume that the three phases of the distribution system are balanced.In case of an unbalanced system, the formulations can be extended by listing the variables and constraints for each phase and including the coupling terms between phases.Throughout this article, we use a i,k to denote the ith element of variable a at the control cycle k.{a i,k } denotes the set of variables for i ∈ I at the control cycle k, and I is the domain of i.
To regulate the grid voltages, a reference voltage V ref is set.The objective is to minimize the voltage deviations from the reference voltage Here, V i,k denotes the complex voltage of bus i at the control cycle k.Denote P ij,k as the power flowing from bus i to bus j.We minimize the active power flowing into or from the distribution system in Fig. 1, i.e., |P 12,k |.When P 12,k > 0, meaning that the generated solar energy is insufficient to meet the load demand, we intend to minimize the electricity tariff of the distribution system.When P 12,k < 0, meaning that too much solar energy is generated, we minimize the reversed power flow to avoid the voltage rise problem.Therefore, the objective L 2 is defined as follows: The second-order term is for convergence consideration [6], and ζ is the coefficient to balance the first-and second-order terms.Further, to maximize the benefits of PVSs, we minimize the amount of curtailed PVS output powers There are several operation limits characterizing the power system and the devices.We assume that the line loss is negligible.For each link (i, j) ∈ E, the power flows and the voltages satisfy the linearized distribution flow equations [28] where P ij,k and Q ij,k are the active and reactive power flowing from bus i to j, and P L j,k and Q L j,k are the active and the reactive power of the load at the bus j at the control cycle k, respectively.Recall that P S j,k (Q S j,k ) and P B j,k (Q B j,k ) are the active (reactive) powers of PVS j and BESS j at the control cycle k.To guarantee the safe operations of the grid, the voltage magnitude should be bounded in which V min and V max are the lower and the upper bounds of voltage magnitudes, respectively.Moreover, the output active power of a PVS cannot exceed the maximum power point under a specific operation condition, and the apparent power of each PVS should be smaller than its nominal power S S max,i ∀i ∈ H (9) Similarly, for each BESS, its output power should be below its maximum output power P B max,i , and the apparent power of each BESS should be smaller than its nominal power S B max,i Naturally, the SoC of each BESS is between 0 and 1 by definition Besides, to extend the cycle life of a BESS, the BESS should be operated within a range [SoC min , SoC max ] ⊂ [0, 1] to avoid deep-discharging or over-charging.Thus, the SoC of each BESS after charging/discharging, i.e., at the next control cycle, should be bounded Note that we should also avoid frequent charging or discharging to extend the BESS life.We show in the simulation that BESSs can go through a complete charging/discharging cycle in a day, and, thus, we do not consider the constraint of avoiding frequent charging or discharging here.Furthermore, according to the 80 Plus standard [29], the power factors should be maintained larger than 0.9 for both PVSs and BESSs To summarize, at each control cycle k, a general voltage regulation problem P is formalized as min r=1,2,3 α r L r s.t. ( 5), ( 6), ( 7), ( 8), ( 9), ( 10), ( 11), ( 12), ( 13), ( 14), ( 15), (16) over in which α r are the weights balancing different terms.
Authorized licensed use limited to the terms of the applicable license agreement with IEEE.Restrictions apply.

A. Problem Definition
The falsified SoC values can cause inaccuracies in the operation set point tuple ), leading to unfairness among households and disincentivizing grid management.Additionally, the inaccurate set point may damage equipment, such as PVSs and BESSs, and destabilize the power system.
Previous works focused on FDIA detections.Obrien et al. [30] discussed detecting FDIAs on BESSs leveraging model-based state estimation and cumulative sum algorithm.Nevertheless, Zhuang and Liang [21] demonstrated the feasibility of constructing FDIAs on BESSs bypassing model-based state estimations.Further, Lee et al. [31] studied a data-driven method to detect FDIAs on BESSs.On the other hand, how to guarantee fairness during attacks is not answered.This article will answer this question and, thus, enhance the resilience of grid operations.Specifically, we will investigate how to mitigate the impacts of the tampered SoC values and guarantee fairness among households.To achieve these goals, we formulate the DER coordination process as an optimization problem, which will be solved at the control center.Operational fairness is considered for both PVSs and BESSs and is defined in Section IV-B.Furthermore, the impacts of the modified SoC values are mitigated with a robust LASSO regularization term discussed in Section IV-C.

B. Fair DER Coordination
Fair operations of DERs are important for encouraging household participation in grid management and maintaining grid stability.While some research has investigated fair PVS operations, there have been very few for fair BESS operations [9], [32].As a backup for electricity outages, the fairness of BESS operations is also necessary to guarantee that every household can have available energy during an electricity outage.Besides, as the types of DERs increase, how to ensure fairness in such a heterogeneous DER environment has become a concern.To address this challenge, we propose an analog definition of fairness that applies to all types of DERs.This approach saves effort and ensures consistency in defining fairness across different DER types.
Denote the control parameter of a DER as φ, and the limit of φ as .For example, the control parameter of PVSs is the active power generation P S i,k , and the limit of the active power generation is the maximum power point P MPPT i,k .Similarly, for BESSs, the control parameter is the active power output P B i,k , and the limit of the active power output is is the remaining BESS capacity for safe operations under the charging or the discharging mode, and i,k is defined as follows: We evaluate the fairness of a DER operation with the control parameter φ in a proportional way and define the fairness measure for the DER as There have been three categories of definitions of fairness in [6]: 1) uniform; 2) egalitarian; and 3) proportional.The uniform fairness guarantees that all DERs have the same control parameter φ.The egalitarian fairness guarantees that all DERs have the same residual −φ.We choose proportional fairness over the other two because it guarantees that all DERs have the same status.For example, if we use uniform fairness, BESSs with small capacities may be drained, i.e., have no residual left and − φ = (C B i i,k − P B i,k T)/T = 0.If we use egalitarian fairness, BESSs with small capacities may not contribute to the system, i.e., φ = P B i,k = 0. Similarly, if we use uniform fairness, PVSs with large maximum output may be heavily curtailed and not sufficiently utilized, i.e., − φ = P MPPT i,k is large.If we use egalitarian fairness, PVSs with small maximum output are not utilized or contribute to the system, i,e., φ = P S i,k = 0. Given the discussion, we adopt proportional fairness because it guarantees that all DERs contribute to the system and have residuals simultaneously.
Equivalent to the fairness measure (19), we define the fair operations for PVSs and BESSs below for better physical interpretation: Definition 1 (Fair PVS Operation): Definition 2 (Fair BESS Operation): Definition 1 indicates that all households should have the same percentage of curtailed power, that is, the amount of curtailed power is equal to the difference between the maximum PVS active power output given the current weather condition and the actual PVS active power output, i.e., P MPPT i,k − P S i,k .Definition 2 indicates that the output power of a BESS, P B i,k , should be decided based on the available capacity such that all households have the same speed toward the BESS operation limits.Furthermore, all BESSs should have the same operation mode, either charging or discharging.

C. Fairness-Guaranteed DER Coordination
Since the attacker modifies reported SoC values, the fairness in DER coordination can be compromised with false values.To mitigate the impact of tampered SoC values, we propose a robust LASSO regularizer leveraging the dynamics of BESSs (1).Typically, only a portion of reported values are spoofed; thus, the SoC estimation can be formulated as a LASSO problem to effectively detect sparse attacks.Denote the reported SoC value from the household i at the control cycle k as SoC a i,k = SoC i,k + a i,k .If a i,k = 0, the reported SoC is tampered with.The adaptive LASSO regularizer is defined as in which λ and are constant parameters to tune the weight term λ( + |SoC a i,k − SoC i,k|k−1 |).The weight term balances between two penalties, the L 1 -norm penalty between the optimization variable SoC i,k and the reported SoC measurement SoC a i,k , and the L 2 -norm penalty between SoC i,k and a priori SoC estimation SoC i,k|k−1 .Instead of using a static weight λ, the weight term is adaptive based on the difference between SoC a i,k and SoC i,k|k−1 , and, thus, is more robust to attacks.When the difference is small, SoC i,k is decided based on the two penalty terms.Nevertheless, when the difference is large, meaning that an attack is likely to have occurred, a heavy weight will be assigned to the L 2 -norm penalty term.Thus, SoC i,k is estimated mainly based on SoC i,k|k−1 , and the bias caused by the attack is limited.

D. Proposed Solution
Since the problem P FG is nonconvex in its current form, we apply transformations to the nonconvex constraints, i.e., the power flow constraint (7), the power factor constraints ( 15), (16), and the fair BESS operation constraint (21).
For (7), we introduce an additional variable v i,k , which is defined as follows: Thus, ( 7) can be rewritten as Correspondingly, L 1 is rewritten as and ( 8) is transformed into For the PV power factor constraint (15), since P S i,k ≥ 0, ( 15) is equivalent to the below format We reformulate ( 16) in a similar way.Note that BESSs have two operation modes: 1) charging and 2) discharging.Thus, we split the constraint into two According to Definition 1 (18) and 2 (19), we define local PV fairness index f S i,k and local BESS fairness index f B i,k as When the system-wide fairness is achieved ∀i ∈ H in which F S k and F B k are the global PV fairness and the global BESS fairness achieved among all households.The two equations are equivalent to To identify the optimal global fairness, we include as an auxiliary optimization variable.Consequently, the P FG is transformed into the following formation: min 35), (36).
Authorized licensed use limited to the terms of the applicable license agreement with IEEE.Restrictions apply.
We solve (37) iteratively by the alternating direction method of multipliers (ADMMs) algorithm [33].The augmented Lagrangian function of ( 37) is presented as follows: , and ρ S and ρ B are the step sizes of τ S i,k and τ B i,k , respectively.At iteration l, the corresponding updates of ADMM are presented as follows: A summary of the solution method is presented in Algorithm 1.The sign of P B i,k is decided in the initialization step (lines 1-10).When i∈H P MPPT i,k < i∈H P L i,k , meaning that additional power source is required, the BESSs should be operated in discharging mode, and, thus, P B i,k > 0. On the other hand, when i∈H P MPPT i,k > i∈H P L i,k , meaning that solar power is sufficient for load demands, the BESSs should be operated in charging mode to minimize reverse flows, and, thus, P B i,k < 0. In the iteration step, we update X k , F k , and τ k (lines [11][12][13][14].The iteration stops when the maximum number of iterations is reached or X k is converged.

A. Dataset and Simulation Setup
We choose the SCE distribution feeders (Fig. 2) used in [26] for simulation.The base voltage of the distribution system is 12 kV, and the system has 56 buses, 55 lines, and 42 loads in total.Each bus with a load has a PVS and a BESS installed.The load profiles are randomly selected from the European Low Voltage Test Feeders [34] and scaled with the peak active power of each load.The reactive powers are generated with a power factor of 0.9.We assume a PV penetration level of 30%.That is, the capacity of each PVS is 30% of the load Algorithm 1: Fairness-Guaranteed DER Coordination  (37) by updating X k , F k , τ k with (39), ( 40), ( 41), ( 42), (43);   [35].We select Tesla Powerwall 2 as the BESS.The number of batteries in each BESS is decided such that the total capacity is capable of sustaining 20% of the daily power consumption.Due to the limited space, we do not list the detailed device information here.The parameters used in (37) are listed in Table I.The values are decided by balancing the order of each term through rounds of trials.
The simulated time period is from 7 A.M. to 12 A.M., with an interval of 5 min.Thus, there are 60 control cycles in total.The initial SoC values are set to be 0.4.Twenty households are randomly selected as attackers.The attacks are conducted from  The optimization problems P (17), P F (22), and P FG (24) are implemented on a virtual machine with 8-GB RAM, two cores, and a 3.6-GHz Intel i7-9700K CPU.They are solved in Python using Ipopt [36] with the linear solver MA57 [37] through Pyomo [38] interface.

B. Simulation Results
In this section, we evaluate the performance of the proposed fairness-guaranteed DER coordination algorithm P FG from three aspects: 1) the accuracy of the estimated SoC; 2) the fairness achieved among households; and 3) the computational cost.We treat P and P F as the state of the art and present a comparison between P FG , P, and P F .Similar considerations can be found in [5] and [8].
1) SoC Estimation Performance Evaluation: In this part, we evaluate the accuracy of SoC estimations in P FG .The estimation accuracy is evaluated by the difference between the SoC estimation SoC i,k and the true SoC value SoC True i,k which is listed as The box plot of δ SoC i,k w.r.t. the control cycle k is presented in Fig. 3.The box plot shows the median (the bar inside the box), the first and third quartiles (the bottom and the top of the box), the minimum and the maximum (the bottom and the top bars), and the outliers (the dots) of the interested data, in this case, δ SoC i,k .From the figure, we observe that when there is no attack (1 ≤ k ≤ 12), the SoCs of BESSs are accurately estimated.When attacks occur (13 ≤ k ≤ 24 and 37 ≤ k ≤ 48), the estimation accuracy slightly degrades (the maximum error is around 4×10 −3 ).However, when attacks stop (25 ≤ k ≤ 36 and 49 ≤ k ≤ 60), the estimation accuracy gradually recovers.This proves the effectiveness of the proposed adaptive LASSO regularization term.
In Fig. 4, we show the dynamics of the BESS at the bus 10 with algorithm P, P F , and P FG .We observe that for all three algorithms, BESSs go through a full charging/discharging cycle instead of frequent charging/discharging switching.This observation demonstrates the justification of omitting the constraint on charging/discharging switching in our formulation.In addition, we observe that the algorithm P FG can guarantee that BESS SoC is bounded within the desirable range (0.2, 0.8) as specified in Table I, while the SoC with algorithm P drops below 0.2.This outcome is due to the ability of algorithm P FG to estimate the true SoC values.Besides, we decide the output power of a BESS based on the available capacity of the BESS.This allows for a slow approach toward the operation limit, which provides BESS capacity tolerance when attacks happen.Although the SoC of algorithms P F and P FG evolve similarly before an attack, the former experiences a sudden drop in SoC when the attack begins at k = 13.Since the BESSs are operated in charging mode after the 17th control cycle, the attack impact is limited.However, we hypothesize that the SoC with algorithm P F can drop below the operation limit as well if the BESS is still operated in discharging mode.
2) Fairness Evaluation: Fig. 5 shows the box plot of the fairness of PVS active power curtailment achieved among households.Since we use different weather conditions for different households and the solar irradiation of one of the PVSs is 0 until the 19th control cycle, we observe outliers of the achieved fairness (f S i,k = 0) during this period.A large f S i,k indicates that the PVS output power is heavily curtailed, and a large variation of f S i,k indicates that PVS output powers are curtailed unfairly.We observe that the output powers of PVSs are heavily curtailed with the algorithm P. The maximum percentage of the curtailed power is as high as 48.3%.Besides, after the 48th control cycle, when the BESSs are almost fully charged and the solar irradiation reaches the maximum (around 11 A.M.), we observe a consecutive high percentage of curtailment of around 20%.On the other hand, the percentages of curtailment of algorithm P F and P FG are below 1%.
Since fairness is considered in algorithms P F and P FG , the surplus power of a PVS can be distributed to other nodes instead of being curtailed.We also observe that the algorithm P cannot guarantee fair PV power curtailments, especially, when curtailment is required.P F and P FG achieve better fairness among households.For all i and k, the variations of f S i,k with algorithm P F and P FG are lower than 0.004.Fig. 6 shows the box plot of the fairness of BESS operations achieved among households.Since the attackers modify the reported SoC measurements, the fairness of BESS operations is significantly affected.A large f B i,k indicates a large output power P B i,k or a small BESS remaining capacity i,k , and the BESS can be quickly deep-drained or over-charged.Thus, a large f B i,k usually means that the BESS is operated improperly.
Authorized licensed use limited to the terms of the applicable license agreement with IEEE.Restrictions apply.This means that the BESSs are operated appropriately in that the BESSs approach the operation limit gradually and will not be over-charged or deep-drained.
3) Computational Performance Evaluation: The execution time of P, P F , and P FG is summarized as the box plot shown in Fig. 7. Despite of the complex objective function, P FG has achieved comparable performance with P and P F : the average execution time of the three algorithms is 2.81 s for P, 2.78 s for P F , and 2.56 s for P FG .Overall, the results show that P FG can be solved efficiently.The shortest execution time observed is 0.28 s, and the longest is 3.96 s.Given that the algorithm is run every 5 min, such a short execution time demonstrates the feasibility of implementing the proposed algorithm in real applications.
4) Simulation Results Summary: The introduction of the adaptive LASSO regularizer L 4 in P FG enhances the resilience of the DER coordination process to attacks.The simulation results show that P FG guarantees safe and fair DER operations.Despite that using a regularizer complicates the optimization formulation, such a tradeoff is acceptable because the control center does not have real-time requirements.

VI. CONCLUSION
In this article, we propose a novel algorithm P FG that guarantees fair DER coordination in the presence of malicious attackers conducting FDIAs on DERs.The algorithm ensures fair PV curtailment and BESS operations with and without attacks while limiting the impact of attacks by incorporating a robust LASSO regularizer.We demonstrate the effectiveness and resilience of the proposed algorithm through simulations of the SCE distribution feeder.Future work will focus on developing parallel algorithms to improve computational efficiency and explore more accurate DER models.The proposed algorithm P FG is a significant step toward safe and fair DER operations in the presence of cyber threats.

Fig. 1 .
Fig. 1.Distribution system with DERs.(a) Illustration of the physical system.The red variable is the variable subject to attacks.(b) Single-line diagram of (a).(c) Graph representing (b).
8 A.M. (the 13th control cycle) to 9 A.M. (the 24th control cycle) and 10 A.M. (the 37th control cycle) to 11 A.M. (the 48th control cycle).For simplicity, the attack vector a i,k is generated from Gaussian distribution N(0, 0.09) and cropped to be within the range [SoC min , SoC max ].

TABLE I LIST
OF PARAMETER VALUES peak active powers.The maximum power points of PVSs are generated in Simulink with SunPower SPR-415E-WHT-D PVS module and Florida weather data from the National Renewable Energy Laboratory