Cyber Insurance for Energy Economic Risks

Abstract

The proliferation of information and communication technologies (ICTs) within smart cities has not only enhanced the capabilities and efficiencies of urban energy systems but has also introduced significant cyber threats that can compromise these systems. To mitigate the financial risks associated with cyber intrusions in smart city infrastructures, this study introduces a two-stage hierarchical planning model for ICT-integrated multi-energy systems, emphasizing the economic role of cyber insurance. By adopting cyber insurance, smart city operators can mitigate the financial impact of unforeseen cyber incidents, transferring these economic risks to the insurance provider. The proposed two-stage optimization model strategically balances the economic implications of urban energy system operations with cyber insurance coverage. This approach allows city managers to make economically informed decisions about insurance procurement in the first stage and implement cost-effective defense strategies against potential cyberattacks in the second stage. Utilizing a distributionally robust approach, the study captures the emergent and uncertain nature of cyberattacks through a moment-based ambiguity set and resolves the reformulated linear problem using a dynamic cutting plane method. This work offers a distinct perspective on managing the economic risks of cyber incidents in smart cities and provides a valuable framework for decision making regarding cyber insurance procurement, ultimately aiming to enhance the financial stability of smart city energy operations.

1. Introduction

Following the high expectations that modern grids will benefit from information and communication technologies (ICTs), cyber security issues have also become non-negligible concerns, threating the security and economy of grid operations [1,2]. An FDI attack involves the deliberate manipulation of data within energy-management systems [3]. Unlike conventional cyberattacks that aim to disrupt system operations through denial-of-service or direct damage to the infrastructure, FDI attacks are more insidious [4,5]. They subtly alter the data used for decision-making processes in energy systems, leading to erroneous system operations, inefficient resource allocation, and potentially hazardous conditions. The methodologies employed in FDI attacks are diverse and they are evolving. Common strategies include tampering with sensor readings, corrupting data communication channels, and exploiting vulnerabilities in data-aggregation processes. These methods are designed to bypass conventional detection systems, making FDI attacks particularly challenging to identify and counter [6,7]. State estimation (SE) plays a vital part in detecting false data injection (FDI) attempts via filtering out inaccuracies from measurements [8]. In the realm of power system operations, SE plays a pivotal role. It involves the application of algorithms to deduce the most likely state of an electrical network [9] by utilizing observed measurements like voltages and power flows [10]. This process is critical in ensuring accurate and reliable data for grid management [11]. However, these measurements are susceptible to various sources of errors [12,13]. These errors could stem from instrument inaccuracies, data transmission issues, or even deliberate manipulations, as observed in cyberattacks. Inaccurate measurements can lead to incorrect decisions in grid management, making the grid vulnerable to inefficiencies, instability, or even systemic failures [14]. Therefore, understanding and improving state estimation is essential in bolstering the robustness of power systems against such vulnerabilities. Nevertheless, stealthily designed FDI attacks are able to compromise the measurement without being detected [15]. Recent history has witnessed several high-profile intrusions into power grid systems. There has been a wide variety of reports demonstrating the significant FDI-based cyber threats. Ukraine experienced major power outages affecting nearly 250,000 people due to cyberattacks. While these attacks primarily involved malicious software to gain control of and disable critical power infrastructure, they exposed systemic vulnerabilities in the grid’s cybersecurity. Such vulnerabilities could potentially be exploited by FDI attacks, where false data are injected to manipulate the grid’s operational decisions, leading to similar, if not more severe, disruptions [16]. The Olympic Destroyer malware incident during the Winter Olympics in Pyeongchang demonstrated the potential for cyber threats to disrupt critical infrastructure, including power grid systems. This event serves as a poignant reminder that, if FDI attacks were to target similar vulnerabilities, they could manipulate data to cause operational chaos without the immediate detection typically associated with more overt forms of cyberattacks [17]. The activities of the SandWorm group, which included spear-phishing and exploiting zero-day vulnerabilities, primarily targeted energy companies and critical infrastructure operators. This group’s method of compromising power grid systems signals a risk that is also pertinent in the context of FDI attacks [18].

1.1. Related Work

In order to mitigate the attack consequences, existing works have provided valuable insights to explore effective mitigation models [19]. The authors of [20] studied a trust value determination framework to indicate the trustworthiness of the obtained measurements. Distributed energy resources rely on the trust values of the control protocols to decelerate and mitigate FDI attacks. The authors of [21] attempted to design a two-stage detection and mitigation approach against electric vehicle (EV) switching attacks to avoid grid instability conditions. A back propagation neural network approach is applied to detect and delay the abnormal switching request. In [22], a hybrid FDI-mitigation scheme based on ensemble empirical mode decomposition is devised for concurrent attacks in DC microgrids. An event-driven mitigation method is adopted to eliminate the attack signal with the reconstruction of trustworthy signals. To enhance the robustness of cyber–physical control systems, the authors of [23] designed a reactive attack-mitigation method. The attack is formulated via a Markov decision process, and a Q-learning-based linear approximation is employed to solve the problem. A diversified software deployment for cyber risk mitigation is studied in [24] under the exposure of coordinated cyberattacks. A long-term optimization model ensures the expected minimal risk considering the worst-case scenario. The authors of [25] proposed a robust incentive-reduction strategic model against financially motivated FDI attacks, which targets the very short term load predictor and deceives the system operator with an uneconomic operation scheme. However, the existing literature solely relies on the emergency response measure to mitigate the attack consequences, which can be strengthened by involving pre-attack risk-management approaches, considering the likelihood of potential cyberattacks. The work in [26] is crucial as it addresses a timely and critical issue—the vulnerability of low-voltage distribution grids to cyberattacks precipitated by the increased integration of EV charging stations. One of the most commendable aspects of this paper is its focus on using the IEEE European Low-Voltage Test Feeder (ELVTF) as a standard model. This choice is particularly praiseworthy because it allows for a highly relevant and standardized approach to simulation, ensuring that the results are robust, reliable, and widely applicable. By utilizing the ELVTF, the study not only enhances its credibility but also contributes significantly to standardizing cybersecurity assessments within the smart grid domain.

It is unrealistic to cover and defend against all cyber threats due to their unforeseeable and catastrophic nature. Cyber insurance is designed to mitigate the financial losses that are incurred by cyber risks, offering a mechanism for managing the economic impact of cyberattacks, e.g., data breaches and malicious cyberattacks from hackers [27]. The insured party needs to pay the premium regularly, whilst the insurer is responsible for indemnity to cover the financial losses induced by cyberattacks. It is anticipated that the market size of commercial-based cyber insurance will reach into the multimillions by 2028. The American International Group (AIG) is a cyber insurance corporation at the forefront of the industry; it has offered protection services against cyber risks since the late 1990s. The CyberEdge policy is a well-known customized cyber insurance product which is a comprehensive cyber-risk-management solution, offering standalone schemes for business companies [28]. After the cyber disaster that was launched against the Colonial Pipeline in May 2021, U.S. energy companies started to realize the importance of purchasing cyber insurance. The insurance premium of the energy sector used to be the lowest across all industries. However, insurance companies have already prepared to increase premiums by between 25% and 40% due to the increasing severity of attacks and the unprecedented growth of the market [29].

Prior studies that have investigated cyber insurance management for power grids have been limited to single-stage operation models. The authors of [30] established an actuarial model to eliminate the riskiness and enhance the cyber insurance markets of power grids. A semi-Markov process (SMP) is applied to model the random cyber intrusion process, followed by sequential Monte Carlo simulations to assess the grid interruptions. As for applications in vehicle-to-grid systems, the authors of [31] adopted cyber insurance to mitigate the risks of high energy costs induced by EV charging against the unavailability of data transmission. The original problem is transformed into an optimization problem. An optimal charging and insurance buying policy is obtained. The authors of [32] devised a coalitional insurance investment framework as an alternative to the traditional insurance managed by third-party companies. The transmission operators serve as both the insured parties and the insurers. To hedge the economic losses against cyberattacks for EV charging stations, the authors of [33] proposed an optimal insurance premium scheme for insurers. A coherent risk assessment approach is incorporated into the mechanism design to guarantee its robustness. However, existing works are limited in modelling EV charging behavior and energy trading against cyber intrusions; additionally, they failed to incorporate the complete grid structure information and grid physical constraints. Since cyber insurance management for energy grids is still at the very early stages, further exploration is required to effectively mitigate the cyber risks.

The authors of [34] explored an integrated risk-management strategy that combines insurance and security investments to reduce overall security expenses. It evaluates the optimal investment under different insurance policies and concludes that the effectiveness of mixed strategies depends on factors like potential loss and vulnerability, often reverting to insurance-alone approaches under specific conditions. The authors of [35] investigated whether cyber insurance can enhance network security through a market-based analysis, including regulated monopolistic and competitive markets. The findings suggest that, while unique market equilibriums exist in both market types, their efficiency and impact on improving network security vary, with challenges highlighted in monopolistic markets due to issues around contract discrimination and insurer profitability. The authors of [36] presented analytical models for optimizing cybersecurity spending and cyber insurance, focusing on their effectiveness in reducing cyber threats. The study emphasizes the importance of private sector involvement in countering cybercrimes and proposes innovative cyber insurance approaches; these would be particularly beneficial for small- and medium-sized enterprises, through customized, threat-specific coverage and risk management support. The authors of [37] presented a mathematical analysis of cyber insurance in a non-competitive market, addressing concerns about cyber insurance leading to reduced security investments. The authors demonstrate that, with the right pricing strategy, it is possible to ensure that security investments remain high, even with insurance. Their theoretical analysis, supported by CARA and CRRA utility functions, provides insight into balancing insurance with maintaining robust security measures. This study investigates the dynamics of self-defense investments in Internet security in the context of cyber insurance coverage. The authors of [38] proposed a mathematical framework for understanding how cooperative and non-cooperative Internet users decide on their self-defense investments under full and partial insurance coverage. The results indicate that cooperative behavior enhances self-defense investment efficiency, and that partial insurance coverage motivates more prudent self-defense investments compared to full coverage. In this comprehensive survey [27], the authors provide an in-depth analysis of the burgeoning field of cyber insurance. They discuss its peculiarities, provide a formal background, and review the existing literature on the topic. The paper explores the applicability of cyber insurance in various technological systems, identifies unique challenges in this market, and proposes directions for future research, making it a valuable resource for understanding the landscape of cyber insurance.

The Distributionally Robust Optimization (DRO) method is developed to hedge against the system uncertainties for energy management, including renewable generation fluctuation, load variation, natural disasters, etc. The authors of [39] applied DRO to evaluate the operation costs affected by uncertain wind generation and EV charging delays. A linear decision rule model is adopted to approximate the second-stage formulation, assuming that real-time decisions are an affine relationship of uncertainty realizations. In [40], a DRO-based chance-constrained program is utilized to account for the load uncertainty in a multistage distribution-expansion planning model. The intractable nonlinear constraints are reformulated into second-order conic constraints. DRO is effective in mitigating the overfitting effects and in reducing the estimation errors of classical stochastic optimization to characterize a single distribution. DRO also contributes to weakening the over-conservativeness of robust optimization.

The implementation of effective cyber insurance management for insured parties is faced with numerous challenges. These include the unpredictability of demand for security services [41], the inherent uncertainty of the severity of cyber risks [42], and the prohibitive costs of insurance premiums [43]. To date, no power grid utility providers have purchased cyber insurance coverage, largely due to the difficulties associated with the design of a comprehensive cyber-risk-assessment and -mitigation program [44]. The lack of a one-size-fits-all approach to cyber insurance, with each customer having unique requirements and needs, exacerbates the problem. The challenge of unpredicted demand for security services is particularly acute as cyber threats continue to evolve at an exponential pace, making it difficult to anticipate future security needs [45]. Furthermore, the unpredictable nature of cyber risks, combined with the lack of historical data, makes it challenging to estimate the potential impact of a cyberattack [46]. This lack of certainty is reflected in the high cost of cyber insurance premiums, which, in turn, makes it difficult for power grid utility providers to justify the investment. Given these challenges, it is crucial to design customized solutions for cyber insurance management that effectively contain risk. This could involve a combination of risk transfer mechanisms, such as insurance coverage, and risk-mitigation strategies.

1.2. The Proposed Approach and Novelties

This work introduces a cyber insurance model specifically designed for ICT-integrated multi-energy systems to mitigate the risks associated with cyberattacks, particularly false data injection (FDI) threats. Tailored to meet the critical needs of these systems, the model covers immediate post-attack expenses such as system diagnosis, component isolation, and restoration, focusing on risks to data and control systems that may disrupt operations. It calculates premiums based on the system’s risk profile, incorporating factors like complexity and past cyber incidents. The model strategically combines risk management with financial tools to ensure continuous operation, which is crucial for multi-energy systems. Additionally, it proposes a novel two-stage hierarchical cyber insurance planning (TCIP) model that optimizes insurance costs and operational efficiencies through risk transfer and real-time defense strategies. The TCIP model employs a moment-based Distributionally Robust Optimization (DRO) method, ensuring adaptability to FDI threats. Its effectiveness is demonstrated through simulations in a 33-20 distribution multi-energy grid (MEG) system, showing significant reductions in load shedding and operational costs.

This paper introduces a novel, cooperative, risk-management strategy that revolutionizes traditional approaches to cyber risk in power grid systems. Unlike conventional methods that primarily focus on financial risk transfer, this innovative strategy fosters a dynamic collaboration between insurers and grid operators, embedding proactive and reactive measures to robustly counteract cyber threats. The insurer’s involvement extends beyond mere post-incident financial restitution; it encompasses active participation in incident management, supplying specialized expertise and advanced cybersecurity technologies that are critical for rapid and effective incident response. This collaborative effort not only expedites the recovery process but also minimizes downtime and operational disruptions. Insurers contribute their extensive knowledge and resources, which are crucial for swiftly identifying, containing, and mitigating cyberattacks. This enables grid operators to customize their response strategies to specific threats, significantly enhancing the system’s defensive capabilities. Moreover, the mutual engagement in developing and implementing comprehensive cybersecurity protocols, conducting thorough risk assessments, and maintaining ongoing system monitoring ensures that vulnerabilities are preemptively identified and addressed. The strategy introduced in this paper promotes a shared-responsibility framework, where both insurers and the insured party actively participate in the intricate web of decision making and risk management. This approach not only enhances immediate response capabilities but also bolsters long-term system resilience against cyber threats. It represents a paradigm shift in the understanding of cyber insurance, positioning it as a vital, integrated component of holistic cyber risk-management strategies for power grids. This cooperative risk management model is not just a theoretical construct but a practical, innovative solution that significantly advances the security and robustness of power systems, offering a blueprint for future approaches to infrastructure protection. In Figure 1, a graphical summary illustrates the multifaceted rationale behind our study, highlighting the complex interplay between enhancing cybersecurity, optimizing economic outcomes, and advancing research methodologies in smart city energy systems. The first segment of the diagram emphasizes the critical need for robust cybersecurity measures to address inherent vulnerabilities and minimize the economic impacts of cyber incidents on the interconnected infrastructure of smart cities. This protection is essential in preventing operational disruptions and costly recoveries following cyber threats. The second segment focuses on the strategic implementation of cyber insurance as a financial risk management tool, which not only transfers financial risks to insurers but also enhances cost efficiency and encourages proactive technological investments. This ensures that smart cities can maintain resilience while fostering economic stability. The third segment outlines our commitment to advancing the knowledge and methodologies in cyber risk management. It depicts how empirical insights from our study inform policy making and promote an interdisciplinary approach, integrating cybersecurity, insurance economics, and energy management to effectively tackle the challenges faced by smart city infrastructures. Together, these elements provide a comprehensive understanding of the reasons why this research is critical, serving as a foundation for further investigation and development in the field.

In conclusion, this work presents a significant contribution to the field of cyber insurance management for ICT-enabled multi-energy grids, offering a comprehensive and effective solution for mitigating cyber threats.

✓

In comparison to prior studies in the realm of cyber insurance management for electric vehicle charging stations or local energy systems, the present work encompasses a more comprehensive scope; it takes a full array of physical constraints and system functionalities into account, including optimal power flow, generator dispatch, and energy-balancing conditions. The proposed cyber insurance framework does not merely represent a risk-transfer solution; rather, it represents a cooperative risk-management strategy for energy system operators.

✓

Cyberattacks in power systems are known to trigger a cascade of effects that propagate through interconnected subsystems. Previous work in the realm of MEGs has not considered the implications of such attacks on cyber insurance management. To address this, the present work leverages optimal coordination of system interdependencies in order to mitigate attack consequences and minimize losses.

✓

Given the lack of historical data and the unpredictable nature of cyberattacks, a novel two-stage DRO method is adopted to estimate the potential impact of such attacks and formulate the total cost of the TCIP model. Unlike traditional SMP methods, the DRO approach seeks an optimal solution under the worst-case uncertainty distribution and provides robust mitigation against cyberattacks.

The subsequent sections of this paper are arranged as follows: Section 2 provides an overview of detection bypassing and cyber intrusion principles; Section 3 formulates the TCIP model; Section 4 outlines the DRO method and its solution procedures; Section 5 presents case studies to test the performance of the TCIP model; the paper concludes in Section 6.

2. Modeling of Cyber Intrusions in Energy Systems

This section illustrates how the stealthily designed FDI attacks are executed to introduce erroneous data into system measurements, thereby causing disruptions in the operations and decision-making processes of the energy systems. State estimation is widely used for detecting the redundant measurements and eliminating erroneous signals [47]. Equation (1) demonstrates nonlinear measurement between meter measurements, $z$, and state variable $\psi$, where $e$ denotes the measurement errors. The Jacobian matrix is denoted as $H$. This manipulation of data typically occurs without detection, as FDI attacks are designed to mimic legitimate data patterns. These attacks introduce discrepancies that can lead to incorrect system operations, affecting energy distribution and stability. The process of state estimation, therefore, is crucial for identifying and correcting these deviations by providing a mathematical method of estimating the actual system states based on the measurements received.

$$z=H\psi +e$$

(1)

Weighted least squares (WLS) is widely used for bad data detection; it estimates the values of the model parameters based on ordinary least squares and linear regression. WLS estimates the unknown values in the regression function via minimizing the sum of squared deviations of errors and functional portion of the model [48]; in (2), $z_m$ is assumed to follow normal distribution with zero mean and diagonal covariance matrix D = diag(${{\sigma }_1}^2$, ${{\sigma }_2}^2$, …, ${{\sigma }_M}^2$). WLS is a refinement of the ordinary least squares, incorporating weights into the regression to account for variations in data quality or informational content. This method is particularly effective in contexts where measurement errors vary significantly across data points, allowing for more accurate estimation by giving less weight to data points with higher variances. In energy system monitoring, where measurements can be influenced by a variety of error sources, applying WLS helps in minimizing the influence of these errors on the estimation process. By optimizing the weights assigned to each measurement based on their estimated precision, represented by the diagonal elements of matrix D, WLS finetunes the parameter estimation process to improve the robustness and reliability of the state estimation. The objective of the WLS in this context is to minimize the sum of the weighted squared differences between observed measurements and those predicted by the model, which leads directly into the formulation of Equation (2).

$$L\left(\psi \right)=\sum _{m=1}^M{\left(z_m-H_m\psi \right)}^2/D_{mm}$$

(2)

The derivation of the optimal solution involves computing the pseudo-inverse of the matrix formed by the product of the transpose of the Jacobian matrix, H, the inverse of the covariance matrix, D, and H again. This calculation method leverages the generalized least squares approach, which assigns weights to the measurements optimally according to their respective variances to minimize estimation errors. The resulting solution, represented by Equation (3), provides the most statistically efficient estimate of the state variables, assuming that the errors are normally distributed and independent.

$${\widehat{\psi }}_{}={\left(H^T{D}^{-1}H\right)}^{-1}{H}^T{D}^{-1}{z}_{}$$

(3)

When an FDI attack is launched, erroneous measurements are manipulated. Bad data detection utilizes residual $\rho =z_{}-H_{}{\widehat{\psi }}_{}$ to detect the measurements that have been tampered with. When ${\displaystyle \frac{z_m-H_m{\widehat{\psi }}_{}}{{\sigma }_m}}$ follows the normal distribution; $L\left(\widehat{\psi }\right)$ is proved to follow the ${\chi }^2$ distribution. $z$ is considered as a bad data measurement when $L\left(\widehat{\psi }\right)$ is larger than the threshold ζ.

$$L\left(\widehat{\psi }\right)={\sum }_{m=1}^M{\left({\displaystyle \frac{r_m}{{\sigma }_m}}\right)}^2={\sum }_{m=1}^M{\left({\displaystyle \frac{z_m-H_m{\widehat{\psi }}_{}}{{\sigma }_m}}\right)}^2={\left(z_{}-H_{}{\widehat{\psi }}_{}\right)}^T{D}^{-1}\left(z_{}-H_{}{\widehat{\psi }}_{}\right)$$

(4)

The attacker strategically crafts a vector that will alter the system’s measurements in a subtle—yet impactful—way. This attack vector, denoted as a, is designed to seamlessly integrate with the normal data flow, making detection challenging. It is computed by multiplying the Jacobian matrix H by a nonzero vector, c, which represents specific alterations in state variables that are intended to mislead the state estimation process.

$$a=Hc$$

(5)

During an FDI attack, the actual measurements z are altered by the addition of the attack vector a, resulting in manipulated measurements, $z_a$. This alteration impacts the estimated state, ${\widehat{\psi }}_a$, which adjusts to $\widehat{\psi }+c$ due to the deceptive data. Consequently, the residual ${\rho }_a$, which reflects the difference between manipulated measurements and the recalculated estimates, remains ostensibly unchanged, masking the presence of the attack.

$${\rho }_a=z_a-H{\widehat{\psi }}_a=\left(z+a\right)-H\left(\widehat{\psi }+c\right)=\rho$$

(6)

When $L\left(\widehat{\psi }\right)$, corresponding to $\rho$, is smaller than the threshold ζ, then $L\left({\widehat{\psi }}_a\right)$ is also smaller than the threshold ζ, since ${\rho }_a=\rho$ and $L\left({\widehat{\psi }}_a\right)=L\left(\widehat{\psi }\right)$. Accordingly, the attack is successful, evading the detection of the bad data.

3. The Proposed Cyber Insurance Planning Model

3.1. Objective Function

The objective functions are made with the intention of minimizing the total cost that stems from both the cyber insurance planning and the operation cost to defend against the possible FDI; the objective functions are formulated in the first and second stages, respectively. Equation (7) formulates the objective function in the first stage, seeking to minimize the cyber insurance planning cost ${\Gamma }_{inv}$, where $p_b^{inv}$ and $p_n^{inv}$ indicate the power load amount covered by the insurance; $o_b^{inv}$ and $o_n^{inv}$ represent the unit cost of the insurance premium. Equation (8) presents the second-stage operation objective function, including the costs of power and gas generation ${p_{i,t}{o}_i^{}+p}_{j,t}{o}_j^{}$, the usage of gas turbine costs $p_{gt,t}{o}_{gt}^{}$, the storage costs $p_s^{ch}{o}_{s,t}^{ch,bs/gs}+p_s^{dch}{o}_{s,t}^{dch,bs/gs}$, and the load-shedding costs ${p_{d_{e,t}}^{ls}o}_{d_e}^{ls}+p_{d_g,t}^{ls}{o}_{d_g}^{ls}$ during the operation to respond to the energy supply shortage that was caused by the FDI attacks.

$${\Gamma }_{\mathit{inv}}=\sum _b^B{p}_b^{inv}{o}_b^{inv}+p_n^{inv}{o}_n^{inv}$$

(7)

$${\Gamma }_{op}^{}=\mathrm{m}\mathrm{i}\mathrm{n}\sum _{i,j,gt,es,t}{p}_{i,t}^{}{o}_i^{}+p_{j,t}{o}_j^{}+p_{gt,t}{o}_{gt}^{}+p_{s,t}^{ch}{o}_s^{ch,bs/gs}+p_{s,t}^{dch}{o}_s^{dch,bs/gs}+{p_{d_{e,t}}^{ls}o}_{d_e}^{ls}+p_{d_g,t}^{ls}{o}_{d_g}^{ls}$$

(8)

3.2. Constraints

Overall, the power distribution system is radially structured and the DistFlow equation is applied for power flow modelling [49]. Power and gas systems are intertwined through energy converters. These are accounted for in the Weymouth equations for gas systems.

The output constraints of power distributed generators (DGs) $p_{i,t}^{}$, gas sources $p_{j,t}^{}$, gas turbines $p_{gt,t}^{}$, and power market injection $p_{m,t}^{}$ are stated in (9). Meanwhile, the reactive power output of DGs $q_{i,t}^{}$ is ensured in (10). Constraint (11) sets the upper and lower bounds for the charging/discharging power ($p_{s,t}^{ch}$ and $p_{s,t}^{dch}$) of battery storage systems. Constraint (12) indicates the current battery state $r_{s,t}^{}$ is based on the state of the last time period $r_{s,t-1}^{}$, where ${\eta }_s^{ch}$ and ${\eta }_s^{dch}$ are the efficiencies.

$$0\le p_{\left\{·\right\},t}^{}\le p_{\left\{·\right\},max}^{},\left\{·\right\}=i,j,gt,m$$

(9)

$$0\le q_{i,t}^{}\le q_{i,max}^{}$$

(10)

$$0\le p_{s,t}^{ch/dch}\le p_{s,max}^{ch/dch}$$

(11)

$$r_{s,t}^{}=r_{s,t-1}^{}+p_{s,t}^{ch}{\eta }_s^{ch}-p_{s,t}^{dch}/{\eta }_s^{dch}$$

(12)

$$r_{s,min}^{}\le r_{s,t}^{}\le r_{s,max}^{}$$

(13)

Constraints (14) and (15) establish the relationship between voltage and power flow, where $u_{b,t}^{ini}$ and $u_{b,t}^{ter}$ are the voltages of intital and terminal buses on a same line; the active and reactive power flow are represented by $f_{l,t}^{}$ and ${qf}_{l,t}^{}$; the resistance and reactance are denoted as $R_l$ and $X_l$. Followed by the power flow expression are the magnitude constraints of the power flow in (16) and (17).

$$u_{b,min}^{}{\le u}_{b,t}^{}\le u_{b,max}^{}$$

(14)

$$u_{b,t}^{ini}-u_{b,t}^{ter}=\left(f_{l,t}^{}{R}_l+{qf}_{l,t}^{}{X}_l\right)/u_0$$

(15)

$$0\le f_{l,t}^{}\le f_{l,max}^{}$$

(16)

$$0\le {qf}_{l,t}^{}\le {qf}_{l,max}^{}$$

(17)

Similar to (11)–(13), Equations (18)–(20) show the gas storage modelling, where $p_{gs,t}^{ch/dch}$ is the charging/discharging power at time t, $r_{gs,t}^{}$ is the remaining gas storage capacity, the operational efficiencies are represented by ${\eta }_{gs}^{ch}$ and ${\eta }_{gs}^{dch}$. In [50], the Weymouth gas flow equations are given, where ${\theta }_{gl,t}^{{}^{}}$ is the pressure; the pressure at the initial and terminal gas nodes is ${\theta }_{gl,t}^{ini}$ and ${\theta }_{gl,t}^{ter}$; ${\chi }_{gl}$ is the Weymouth equation constant; the gas flow is denoted as $f_{gl,t}^{}$.

$$0\le p_{gs,t}^{ch/dch}\le p_{gs,max}^{ch/dch}$$

(18)

$$r_{gs,t}^{}=r_{gs,t-1}^{}+p_{gs,t}^{ch}{\eta }_{gs}^{ch}-p_{gs,t}^{dch}/{\eta }_{gs}^{dch}$$

(19)

$$r_{gs,min}^{}\le r_{gs,t}^{}\le r_{gs,max}^{}$$

(20)

$${{\theta }_{gl,min}^{2^{}}}^{}\le {\theta }_{gl,t}^{{}^2}\le {\theta }_{gl,max}^{2^{}}$$

(21)

$${{\theta }_{gl,t}^{ini}}^{}\ge {{{\theta }_{gl,t}^{ter}}^{}}^{}$$

(22)

$$f_{gl,t}^{}\left|f_{gl,t}^{}\right|={\chi }_{gl}\left({\theta }_{gl,t}^{{ini}^2}-{{\theta }_{gl,t}^{{ter}^2}}^{}\right)$$

(23)

$${0\le f}_{gl,t}^{}\le f_{gl,max}^{}$$

(24)

Constraints (25) and (26) are the explicit modelling of FDI attacks. To successfully evade detection, the overall sum of the manipulated load deviation has to be unchanged, and the deviation magnitude must be limited to being within a safety range. Active and reactive power balance constraints are presented in (27) and (28), where ${\sigma }_{rew,t}^{}$ represents the renewable generation uncertainty; the load demand is $p_{pl,t}$; the P2G conversion is $p_t^{p2g}$. In (29), the gas balance constraint at each node is given.

$$\sum _{pl}\mathsf{\Delta }{p_{pl,t}^{LR}}_{}=0$$

(25)

$$-{\delta }_{LR}{p}_{pl,t}\le \mathsf{\Delta }{p_{pl,t}^{LR}}_{}\le {\delta }_{LR}{p}_{pl,t}$$

(26)

$$\sum _i{p}_{i,t}^{}+\sum _{gt}{p}_{gt,t}^{}+\sum _{rew}{\xi }_{rew,t}+\sum _l{f}_{l,t}^{ini}-f_{l,t}^{ter}+\sum _s{p}_{s,t}^{dch}-p_{s,t}^{ch}=\sum _{pl}{p}_{pl,t}+\sum _{p2g}{p}_{p2g,t}^{}+\mathsf{\Delta }{p_{pl,t}^{LR}}_{}-p_{pl,t}^{ls}$$

(27)

$$\sum _i{q}_{i,t}^{}+\sum _l{qf}_{l,t}^{ini}-\sum _l{qf}_{l,t}^{ter}=\sum _{pl}{q}_{pl,t}$$

(28)

$$\sum _j{p}_{j,t}^{}+\sum _{gl}{f}_{gl,t}^{ini}-f_{gl,t}^{ter}+\sum _{p2g}{p}_{p2g,t}^{}+\sum _{gs}{p}_{gs,t}^{dch}-p_{gs,t}^{ch}=\sum _{gl}{p}_{gl,t}+\sum _{gt}{p}_{gt,t}^{}$$

(29)

4. Distributionally Robust Decision Making

DRO is used for FDI scenario deduction, and it implements rational decision making for the proposed TCIP. The two-stage TCIP model is given as follows:

$$\underset{x}{\min }{c}^{T}x+\underset{\mathbb{P}\in D_F}{\sup }{E}_{\mathbb{P}}\left[Q\left(x,\xi \right)\right]$$

(30)

$$Ax\le b$$

(31)

where x and y are the decision variables of the first and second stages. $c^{T}x$ and $Q\left(x,\xi \right)$ represent the objective functions. Equation (31) is the compact form of the first-stage constraints. The explicit second-stage objective and abstract constraint are shown in (32) and (33). Note that uncertainties are addressed in the second stage and ξ ≔ (d, B, C, h) for notation simplicity.

$$Q\left(x,{\xi }_{}^{}\right)=\underset{y}{\min }{d}^{T}y$$

(32)

$$\mathrm{Subject}\mathrm{to}Bx+Cy\le h,$$

(33)

The ambiguity set is used to capture a family of uncertainty distributions supported by the empirical data. In this paper, a moment-based ambiguity set is applied for cyberattack scenario deduction.

$$D_F:=\left\{\mathbb{P}\in D_F|\begin{array}{c}P\left\{{\xi }_{\phi }^{}\right\}=1\\ E_{\mathbb{P}}\left[{\xi }_{\phi }^{}\right]={\mu }_{\phi },\phi =1,\dots ,n\\ E_{\mathbb{P}}\left[{\xi }_{\phi }^{}\right]\le {\mu }_{\phi },\phi =n+1,\dots ,m\end{array}\right\}$$

(34)

First derive the Lagrange function of the inner maximization problem sup $E_{\mathbb{P}}\left[Q\left(x,\xi \right)\right]$.

$$F\left(P,\lambda \right)=E_{\mathbb{P}}\left[Q\left(x,\xi \right)\right]-{\lambda }_0\left(E_{\mathbb{P}}\left[1\right]-1\right)$$

(35)

$$-\sum _{\phi =1}^m{\lambda }_{\phi }\left(E_{\mathbb{P}}\left[{\xi }_{\phi }^{}\right]-{\mu }_{\phi }\right)=E_{\mathbb{P}}\left[Q\left(x,\xi \right)-{\lambda }_0-\sum _{s=1}^m{\lambda }_{\phi }{\xi }_{\phi }^{}\right]+{\lambda }_0+\sum _{\phi =1}^m{\lambda }_{\phi }{\xi }_{\phi }^{}$$

It is obvious that, when Q(x, ξ) − λ0 − ∑m λφξφ > 0, sup F(P, λ) = ∞. Accordingly, the inequality in (36) holds.

$$Q\left(x,\xi \right)-{\lambda }_0-\sum _{\phi =1}^m{\lambda }_{\phi }{\xi }_{\phi }^{}\le 0$$

(36)

As a consequence, the Lagrange dual of sup $E_{\mathbb{P}}\left[Q\left(x,\xi \right)\right]$ is given as follows:

$$\underset{{\lambda }_0,{\lambda }_1,\dots ,{\lambda }_m}{\mathrm{i}\mathrm{n}\mathrm{f}}{\lambda }_0+\sum _{\phi =1}^m{\lambda }_{\phi }{\mu }_{\phi }$$

(37)

$$\mathrm{Subject}\mathrm{to}{\lambda }_{\phi }\ge 0,\phi =n+1,\dots ,m,$$

(38)

$$Q\left(x,\xi \right)\le {\lambda }_0+{\sum }_{\phi =1}^m{\lambda }_{\phi }{\xi }_{\phi }^{}$$

(39)

The equivalent form of (37)–(39) is shown as (40)–(43), which is deemed as the distributionally robust counterpart of (30).

$$\underset{{x,\lambda }_0,{\lambda }_1,\dots ,{\lambda }_m}{\mathrm{m}\mathrm{i}\mathrm{n}}{c}^{T}x+{\lambda }_0+\sum _{\phi =1}^m{\lambda }_{\phi }{\mu }_{\phi }$$

(40)

$$\mathrm{Subject}\mathrm{to}Ax\le b,$$

(41)

$${\lambda }_{\phi }\ge 0,\phi =n+1,\dots ,m,$$

(42)

$$Q\left(x,\xi \right)\le {\lambda }_0+{\sum }_{\phi =1}^m{\lambda }_{\phi }{\xi }_{\phi }^{}$$

(43)

Equations (40)–(43) can be reformulated as (44) by eliminating λ₀.

$$\underset{{x,\lambda }_0,{\lambda }_1,\dots ,{\lambda }_m}{\mathrm{m}\mathrm{i}\mathrm{n}}{c}^{T}x+\sum _{\phi =1}^m{\lambda }_{\phi }{\mu }_{\phi }+\underset{\xi }{\sup }\left(Q\left(x,\xi \right)-\sum _{\phi =1}^m{\lambda }_{\phi }{\mu }_{\phi }\right)$$

(44)

$$\mathrm{Subject}\mathrm{to}Ax\le b,$$

(45)

$${\lambda }_{\phi }\ge 0,\phi =n+1,\dots ,m$$

(46)

Then, establish a CVaR-based sample average approximation model for the above distributionally robust counterpart, as stated in [51]. Note that CI represents the confidence interval and is the loss threshold; [x]⁺ picks the larger value between x and 0.

$$C{VaR}_{}\left(Q\left(x,\xi \right)\right):=$$

(47)

$$\underset{\zeta \in \mathbb{R}}{\inf }\left\{\zeta +{\displaystyle \frac{1}{1-CI}}{\int }_{\xi \in \Theta }^{}{\left[Q\left(x,\xi \right)-\sum _{\phi =1}^m{\lambda }_{\phi }{\mu }_{\phi }-\zeta \right]}^{+}{p}_{}\left(\xi \right)d\xi \right\}$$

Then, the CVaR approximation is applied to replace the min- sup structure by recalling (44)–(46). Due to the difficulty that is encountered when calculating the integrals in the CVaR approximation, a SAA method is adopted. The CVaR-based SAA model is given in (48)–(50), where ξ1, …, ξ are the independent samples and belong to ξ ∈ Θ.

$$\underset{{x,\lambda }_{},\zeta }{\mathrm{m}\mathrm{i}\mathrm{n}}{c}^{T}x+\sum _{\phi =1}^m{\lambda }_{\phi }{\mu }_{\phi }+$$

(48)

$$\zeta +{\displaystyle \frac{1}{1-CI}}\sum _{\phi =1}^m{\left[Q\left(x,{\xi }_j\right)-\sum _{\phi =1}^m{\lambda }_{\phi }{\mu }_{\phi }-\zeta \right]}^{+}$$

$$\mathrm{Subject}\mathrm{to}Ax\le b,$$

(49)

$${\lambda }_{\phi }\ge 0,\phi =n+1,\dots ,m$$

(50)

To solve the problem in (48)–(50), a stochastic dual dynamic programming (SDDP) method is adopted, which is tailored for solving multistage stochastic programming problems [52]. It aims to establish a linear approximation for Q(x, ξ_j). The dual form of (32) and (33) is firstly derived as follows:

$$Q\left(x,{\xi }_{}^{}\right)=\underset{\alpha }{\max }{\left(Bx-h\right)}^T\alpha$$

(51)

$$\mathrm{Subject}\mathrm{to}{C}^T\alpha +d=0,\alpha \ge 0$$

(52)

Note that α is the dual solution of (32) and (33). The linear approximation of Q(x, ξ) is derived as follows:

$$\underset{{x,\lambda }_{},\zeta }{\mathrm{m}\mathrm{i}\mathrm{n}}{c}^{T}x+\sum _{\phi =1}^m{\lambda }_{\phi }{\mu }_{\phi }+$$

(53)

$$\zeta +{\displaystyle \frac{1}{1-CI}}\sum _{\phi =1}^m{\left[R_{k+1}\left(x,\xi \right)-\sum _{\phi =1}^m{\lambda }_{\phi }{\mu }_{\phi }-\zeta \right]}^{+}$$

$$\mathrm{Subject}\mathrm{to}Ax\le b,$$

(54)

$${\lambda }_{\phi }\ge 0,\phi =n+1,\dots ,m$$

(55)

where U_k(x, ξ) and R_k(x, ξ) are defined as (56) and (57). When x and ξ are fixed, Q(x, ξ) must be larger than or equal to its supporting planes, i.e., Q(x, ξ) ≥ R_k(x, ξ).

$$U_k\left(x,{\xi }_{}^{}\right)=Q\left(x_k^{},\xi \right)+B^T{\alpha }_k^{}\left(\xi \right)\left(x-x_k^{}\right)$$

(56)

$$R_{k+1}\left(x,\xi \right)=\mathrm{m}\mathrm{a}\mathrm{x}\left\{R\left(x_k^{},\xi \right),U_k\left(x,{\xi }_{}^{}\right)\right\}$$

(57)

Finally, the SDDP method for solving (53)–(55) is given in Figure 2. In the proposed SDDP approach, the sequence of solving the second-stage problem $Q\left(x_k,{\xi }_j\right)$ before the first-stage problem is integral to the methodology. This structured sequence optimizes decision-making processes under uncertainty. By initially addressing the second-stage problem, decision variables $x_k$ and stochastic parameters ${\xi }_j$ are utilized to derive the dual solutions ${\alpha }_k\left({\xi }_j\right)$ and the primal solutions $y_k\left({\xi }_j\right)$. This strategy allows for the capture and quantification of the impacts of various uncertainties on the system’s performance before finalizing the first-stage decisions.

This preemptive solving of the second-stage problem provides essential insights into the conditional value functions and their gradients, which are critical for accurately updating the policy approximation in the first-stage problem. Consequently, first-stage decisions can be more effectively optimized to account for the range of possible future scenarios, thereby enhancing the robustness of the overall system against uncertainties. The results from the second-stage problem serve as foundational inputs for refining the decision rules applied in the first stage, $x_{k+1},{\lambda }_{k+1},{\zeta }_{k+1}$, ensuring that the approach is both proactive and responsive to changing conditions.

The lower bound and upper bound problems are

$$c^{T}x+\sum _{\phi =1}^m{\lambda }_{\phi }{\mu }_{\phi }+\zeta +{\displaystyle \frac{1}{1-CI}}\sum _{\phi =1}^m{\left[R_{k+1}\left(x,\xi \right)-\sum _{\phi =1}^m{\lambda }_{\phi }{\mu }_{\phi }-\zeta \right]}^{+}$$

(58)

$$c^{T}x+\sum _{\phi =1}^m{\lambda }_{\phi }{\mu }_{\phi }+\zeta +{\displaystyle \frac{1}{1-CI}}\sum _{\phi =1}^m{\left[Q_{k+1}\left(x,\xi \right)-\sum _{\phi =1}^m{\lambda }_{\phi }{\mu }_{\phi }-\zeta \right]}^{+}$$

(59)

5. Case Studies

To test the proposed TCIP model in strengthening the system’s cyber security, a simulation-based case study was performed on an urban distribution grid consisting of an IEEE 33-bus power system connected to a 20-node gas system, as described in Figure 3. Figure 4 shows the power load demand profile. This system contains three conventional DGs and four renewable energy sources. The system also includes battery and gas storage for flexible operation. Based on the previous research, the insurance premium is USD 864/MWh and the load shedding penalty is USD 968/MWh [32].

Table 1. Parameters of gas generators.

Node No.	${\mathit{p}}_{\mathit{j}\mathbf{,}\mathit{m}\mathit{a}\mathit{x}}$ (kcf/h)	${\mathit{p}}_{\mathit{j}\mathbf{,}\mathit{m}\mathit{i}\mathit{n}}$ (kcf/h)	${\mathit{o}}_{\mathit{j}} \mathbf{(}\mathit{U}\mathit{S}\mathit{D}\mathbf{/}\mathbf{k}\mathbf{c}\mathbf{f}\mathbf{)}$
N1	35.31	0	22
N8	70.63	0	20

and

Table 2. Parameters of traditional DGs.

Node No.	${\mathit{p}}_{\mathit{i},\mathit{m}\mathit{a}\mathit{x}}$ (MW)	${\mathit{p}}_{\mathit{i}\mathbf{,}\mathit{m}\mathit{i}\mathit{n}}$ (MW)	${\mathit{o}}_{\mathit{i}} \mathbf{(}\mathit{U}\mathit{S}\mathit{D}\mathbf{/}\mathbf{M}\mathbf{W}\mathbf{)}$
13	1.2	0.3	7100
23	1.2	0.3	10,500
28	1.0	0.1	10,500

demonstrate the technical parameters of the power and gas generators. The established simulations are executed using MATLAB R2021b with a MOSEK 10.0.33 solver on a laptop with an Intel Core i7-1250 CPU and 16 GB of RAM.

To highlight the merit of the proposed TCIP, six cases were designed in the evaluation, as follows:

• Case I: Baseline case.
• Case II: Limiting the insurance purchase amount by 20%.
• Case III: Limiting the insurance purchase amount by 50%.
• Case IV: Increasing the insurance price by 25%.
• Case V: Increasing the insurance price by 50%.
• Case VI: Omitting the renewable generation uncertainty.

The load shedding consequences are examined under a spectrum of scenarios, characterized by varying attack intensities and the overall system loads shown in Figure 5, Figure 6 and Figure 7. The findings demonstrate that, as the attack level and system load increase, the resulting load shedding also increases across all scenarios. It is noted that the most severe load shedding occurs in Case III, with a total of 21.9 MWh, while the least significant load shedding is observed in Case I, at 19 MWh. This highlights the finding that limiting the insurance purchase amount has an adverse impact on the security of the system’s operation. Furthermore, the observations indicate that the rate of the load shedding increment is relatively slow when the system load is low, but increases significantly as the system load rises.

Table 3. Operational costs for all cases.

Economic Result (USD)	Case I	Case II	Case III	Case IV	Case V	Case VI
First stage	305,288	364,120	392,158	321,804	336,085	299,594
Expected second stage	41,762	52,819	55,402	44,187	46,820	36,142
Total	347,050	416,939	447,560	365,991	382,905	335,736

shows the operation cost results for all the cases in terms of the two separated stages. Cases I–III are used to test the impact of the insurance purchase amount on the operation cost. Case II shows a noticeable increase in the first-stage results, with a 19.8% increase when compared to Case I. A considerable increase can be seen in the expected second-stage results of Case II, which exhibits a 44.7% increase when compared to Case I. The total results reflect the finding that Case II provides a 20.7% improvement over Case I. A comparison between Case II and Case III highlights the following finding: Case III exhibits a slight increase in the first-stage results, with a 7.7% rise when compared to Case II. The expected second-stage results of Case III show a marginal improvement, with a 2.8% increase when compared to Case II. The above findings indicate that limiting the cyber insurance purchase amount will inevitably cause the operation costs to increase.

Cases IV and V are set to test the influence of the insurance premium on economic performance. The total operation cost is USD 365,991 under Case IV when the premium is increased by 25%. In addition, in Case V, an extra 4.7% cost increase is noted when the premium is increased by a further 25%. Case V displays a slight growth in the first-stage result, with a 3.6% increase when compared to Case IV. The operation cost result is also examined without considering the uncertainty of renewable generation in Case VI. It can be seen that the second-stage result is reduced by USD 5620.

As for the interplay between the cyber insurance amount and the premium and their effect on the load shedding results, the findings are displayed in Figure 8a,b; the findings reveal that a reduction in the insurance amount leads to a proportional rise in power load shedding. Specifically, there is a 0.12 MWh and 0.68 MWh increase in load shedding under Cases II and III, respectively. However, the results also highlight the importance of a well-structured insurance plan. When insurance coverage is carefully planned, it allows for real-time emergency response to prioritize the protection of uninsured loads, ultimately reducing the overall load shedding amount. As for the impact of the insurance premium on load shedding, the results show that an increase in the insurance premium results in an increase in load shedding; this is indicated by the 11.8% increase that was observed when an additional premium of 25% is applied. The study provides valuable insights into the relationship between the cyber insurance amount and the premium and their effects on the load shedding results. The results demonstrate the need for a well-planned insurance strategy to minimize the impact of load shedding, as well as highlighting the trade-off between the insurance premium and the load shedding outcomes.

The influence of varying attack levels on the power load shedding results is presented in Figure 8c,d. It can be observed that a higher attack level results in a corresponding increase in load shedding. This can be attributed to the direct and proportional relationship between the attack level and the detrimental impact on the power system. The findings show that an attack level of 25% results in a load shedding amount of 13.28 MWh and 15.12 MWh for Cases I and III, respectively. These results highlight the significance of robust security measures and the need for an efficient response strategy to mitigate the consequences of cyberattacks on the energy system.

6. Comparative Analysis of Cybersecurity Methodologies

This study integrates and applies the methodologies from two recent research papers, adapting their innovative approaches to unique scenarios for a comprehensive comparative analysis [30,32]. Initially, the coalitional cyber insurance model presented in the first referenced paper was applied to a collaborative framework among multiple energy system operators within a simulated smart city environment [32]. This model enables the formation of a risk-sharing coalition, where premiums are calculated based on shared data regarding vulnerabilities and historical cyber incident data, thereby attempting to mitigate the financial impact across all participating entities. Additionally, the actuarial framework, using semi-Markov processes, is incorporated, modeling the durations and state transitions of the cyberattacks that are affecting the smart city’s energy infrastructure [30]. This adaptation involves developing a stochastic model to assess the interdependencies among cyber risks across the integrated energy systems, employing Monte Carlo simulations to predict the impact and effectiveness of the proposed insurance schemes under various cyberattack scenarios. Through these applications, the proposed approach not only leverages the existing theoretical advancements but also enhances them by tailoring their implementation to fit the specific context and challenges of the scenarios. The outcomes of applying these methods are then meticulously compared with the results derived from the proposed proprietary method, focusing on several key performance indicators, such as risk mitigation efficiency, cost reduction, operational resilience, and recovery capabilities. This comparative analysis seeks to underline the advantages and potential limitations of each approach, providing a nuanced understanding of their applicability and effectiveness in real-world settings. By methodically evaluating these adapted methodologies against the proposed approach, the study aims to demonstrate the superiority, or in certain cases, the complementary nature of the proposed method, offering valuable insights into the strategic management of cyber risks in critical infrastructure environments.

In

Table 4. Performance metrics comparison.

Method	Cost Reduction (%)	Risk Mitigation Efficiency (%)
The proposed DRO method	12.5	82.3
Coalitional Cyber Insurance Model	10.2	75.5
Actuarial Cybersecurity Framework	8.7	70.8

, a comparative analysis of performance metrics across three different methodologies applied to cyber risk management in power systems is presented. The table focuses on two key performance indicators: cost reduction and risk mitigation efficiency. Cost reduction (%) is calculated as the percentage decrease in the total financial expenditure associated with managing and mitigating cyber risks compared to a baseline scenario without the implemented method. Risk mitigation efficiency (%) measures the effectiveness of a method in reducing the frequency and severity of cyber incidents, thereby maintaining system stability and operational continuity. The proposed DRO method demonstrates superior performance in both metrics compared to the other two methodologies. It achieves a cost reduction of 12.5%, which is 2.3% higher than that achieved by the Coalitional Cyber Insurance Model and 3.8% higher than the Actuarial Cybersecurity Framework. This indicates a more efficient allocation and utilization of resources under the DRO method, potentially leading to significant savings in operational costs for power systems. In terms of risk mitigation efficiency, the DRO method also leads with an 82.3% efficiency rate, surpassing the Coalitional Cyber Insurance Model by 6.8% and surpassing the Actuarial Cybersecurity Framework by 11.5%. This enhanced efficiency underscores the effectiveness of the DRO method in not only identifying and responding to cyber threats but also in maintaining system stability and reducing potential disruptions caused by such threats. The results underscore the DRO method’s robustness and adaptability in handling the uncertainties and dynamics of cyber threats more effectively than the other tested methods. The superior performance of the DRO method in both cost reduction and risk mitigation efficiency positions it as a promising approach for enhancing the cyber resilience of power systems. These findings advocate for its consideration and potential implementation in real-world scenarios; here, reducing costs while effectively managing risks is of paramount importance.

Table 5. Financial resilience metrics.

Method	Cost Reduction (%)	Risk Mitigation Efficiency (%)	Cost–Benefit Ratio
The proposed DRO method	14.3	40.6	1:4.2
Coalitional Cyber Insurance Model	12.8	35.4	1:3.5
Actuarial Cybersecurity Framework	10.9	30.7	1:2.9

presents a detailed comparison of financial resilience metrics among the three distinct methodologies that were applied to cyber risk management within power systems. This table focuses on three critical financial indicators: cost reduction, risk mitigation efficiency, and the cost–benefit ratio. Cost reduction (%) is quantified as the percentage reduction in financial outlays necessary for managing cyber risks, reflecting how each method economizes on cyber risk management expenses. Risk mitigation efficiency (%) assesses the effectiveness of each method in reducing the likelihood and impact of cyber threats, an effort which is crucial for maintaining operational integrity. The cost–benefit ratio offers insight into the economic efficiency of the investments, calculated by comparing the costs incurred to the benefits gained, expressed as a ratio. The proposed Distributionally Robust Optimization (DRO) method exhibits the highest performance across all the metrics, with a cost reduction of 14.3%, a risk mitigation efficiency of 40.6%, and a cost–benefit ratio of 1:4.2. These results indicate the superior cost management of the DRO method, in addition to its exceptional balance of expenditure versus payoff, suggesting an optimal allocation of resources for maximum return on investment. In comparison, the Coalitional Cyber Insurance Model and the Actuarial Cybersecurity Framework show lower efficacies, with cost reductions of 12.8% and 10.9%, risk mitigation efficiencies of 35.4% and 30.7%, and cost–benefit ratios of 1:3.5 and 1:2.9, respectively. This analysis highlights the DRO method’s superior capability in providing robust financial management and risk-mitigation strategies, making it a more compelling choice for enhancing the financial resilience of power systems against cyber threats. The superior metrics associated with the DRO method demonstrate its potential for broad implementation in sectors requiring stringent risk-management frameworks, where effective cost management and high returns on security investment are paramount.

The comparative analysis outlined in Table 4 and Table 5 conclusively demonstrates the distinct advantages of the proposed DRO method over the methodologies presented in the Coalitional Cyber Insurance Model and the Actuarial Cybersecurity Framework. Primarily, the DRO method excels in both financial efficiency and operational effectiveness, achieving a 12.5% reduction in cost and an 82.3% increase in risk mitigation efficiency, which are substantial improvements over the other methods. Furthermore, the financial resilience metrics solidify the DRO method’s superiority, with a cost reduction of 14.3%, a risk mitigation efficiency of 40.6%, and an impressive cost–benefit ratio of 1:4.2, significantly outpacing the other models. These results underscore the DRO method’s capability to not only manage costs more effectively but also enhance the operational stability of power systems under cyber threats. This is achieved through an innovative optimization approach that better adapts to the complexities and dynamics of modern cyber environments, allowing for more precise risk assessments and more effective allocation of resources. The higher cost–benefit ratio indicates a more efficient investment return, which is critical for energy companies operating under tight financial constraints and facing diverse cyber threats. The superior performance of the DRO method, particularly in managing and mitigating risks while optimizing financial inputs, positions it as a robust solution for enhancing cyber resilience. This is crucial for power systems where the consequences of cyber incidents can be severe, affecting not only the financial bottom line but also the reliability of critical infrastructure. The adaptability and effectiveness of the DRO method make it an optimal choice for real-world applications, offering significant improvements over existing methods in both mitigating cyber risks and enhancing the economic and operational resilience of power systems.

7. Concluding Remarks

In conclusion, this study presents a groundbreaking framework for effectively managing cyber risks in ICT-integrated multi-energy systems. The novel integration of cyber insurance into a two-stage hierarchical planning model offers a unique and effective approach to cyber risk management, ensuring the long-term profitability and continuity of energy system operations. The optimization model balances the trade-off between energy system operation and cyber insurance coverage, enabling energy system operators to make informed decisions and implement effective defense strategies against potential cyberattacks. The results indicate that purchasing cyber insurance helps to reduce operational costs by 29.0% and load shedding by 0.68 MWh when 50% of buses are covered. This framework has the potential to revolutionize the field of cyber risk management, serving as a valuable reference for energy system operators and enhancing the economic performance of energy systems. With its practical applications, this work sets the stage for further research and development in the area of cyber insurance and risk management in ICT-integrated multi-energy systems.

This study underscores the importance of integrating cyber insurance into urban governance strategies to enhance the management of cyber risks in ICT-integrated multi-energy systems. It is recommended that urban governance bodies promote policies that support the adoption of cyber insurance, providing guidelines on risk assessment, premium calculations, and coverage standards specific to the energy sector’s needs within smart cities. By incentivizing energy operators through financial supports such as tax reductions and grants, and fostering partnerships between them and insurance providers, cities can ensure more stable and economically efficient energy system operations. This proactive approach not only reduces operational costs and minimizes load shedding during cyber incidents but also sets a foundation for ongoing improvement in risk management practices, adapting to emerging cyber threats and enhancing the overall resilience and economic performance of urban energy infrastructures.

This study, while comprehensive in its approach to developing a cyber-resilient energy management model for smart cities, presents several limitations that should be acknowledged. Firstly, the proposed model relies heavily on the accuracy and reliability of the data used, including the assumptions made about cyber threat patterns and the behavior of energy systems under attack. Variations in these datasets can significantly impact the outcomes of the model. Secondly, the application of the two-stage SDDP method, while effective in this context, may not be directly transferable to other types of multi-energy systems with different operational and structural characteristics. This limits the generalizability of the findings and may necessitate modifications to the model to suit other specific contexts or configurations. Furthermore, the integration of cyber insurance as a risk management tool is based on current market conditions and regulatory environments, which are subject to change. Changes in these areas could affect the model’s applicability and effectiveness in real-world scenarios.

To further advance the study of cyber-resilient energy-management systems, specific areas for future research have been identified. One pivotal area involves the exploration of adaptive cyber insurance models that can dynamically adjust to changing cyber threat landscapes and evolving regulatory frameworks. Such models would provide more robust risk-management strategies that are capable of responding to the rapid advancements in cyberattack methodologies. Additionally, the development of more sophisticated predictive analytics for identifying potential cyber threats before they impact the energy system is recommended. Integrating artificial intelligence and machine learning techniques could enhance the predictive capabilities of the proposed model, enabling more proactive mitigation strategies. Another frontier for future research is the quantitative evaluation of the impact of cyberattacks in the context of novel technological integrations within power systems. Building upon the foundational work conducted in this study, subsequent investigations will focus on technologies such as energy communities and virtual power plants, particularly exploring the concept of virtual islanding [53]. Future research will specifically investigate how virtual islanding can mitigate the effects of cyber threats on energy systems, with a focus on scenarios involving the substantial integration of renewable energy sources. By implementing a series of cyberattack simulations on systems employing virtual islanding, the study will assess the robustness of this approach under varying attack vectors.