Attack-Resilient Energy Storage Scheduling

Updated 29 November 2025

Attack-resilient energy storage scheduling is an emerging field that designs algorithms and frameworks to mitigate cyber-physical attacks on diverse energy systems.
It employs multi-level optimization and robust control strategies to dynamically allocate energy resources across IoT devices, microgrids, and bulk power networks.
Empirical results show significant improvements in operational reliability, reduced downtime, and enhanced resilience metrics during adversarial attack scenarios.

Attack-resilient energy storage scheduling encompasses algorithmic, architectural, and optimization frameworks explicitly designed to maintain the operational availability, application performance, and safety of systems leveraging energy storage under intentional disruptions or attacks. These attacks may target stored energy directly (e.g., buffer/harvester manipulation, cyber-physical isolation), degrade measurement or control channels, or induce system-level contingencies (e.g., coordinated outages, cyber-physical-human threats). Strategies employed span from dynamic task scheduling with attack-awareness at the device level, through system-level bi-level optimization, to rigorous scheduling under worst-case bounded adversarial actions.

1. Adversarial Threat Models and Energy System Contexts

Attack-resilient energy storage scheduling research addresses multiple domains and adversarial models with distinct system constraints and threat surfaces.

Battery-less IoT Devices: Attackers achieve indirect energy denial by manipulating ambient sources (solar, RF), causing intentional starvation, livelock, or denial-of-service through adversarial shaping of voltage/current waveforms presented to harvesting circuits. Devices are typically organized around federated capacitor buffers, with execution inseparable from the stochastic and adversarially-variable energy inflow (Singhal et al., 2023).
Microgrids and BESS: In cyber-physical microgrids, adversaries may compromise distributed generator (DG) agent controllers (through, e.g., scaling, additive, or ramp attacks), requiring the system to detect and isolate malicious actors and rapidly reallocate BESS resources to maintain supply-demand balance and ancillary services (Zografopoulos et al., 2022).
Bulk Power and Distribution Systems: At network scale, threat models include N–m contingencies (removal of m elements such as tie-lines or generators), CPH threats, and cyber-attacks that can affect dispatch, setpoints, or monitoring infrastructure. Hydrogen energy storage is leveraged for its long-duration resilience properties, with scheduling required both for pre-event reserve accrual and robust post-event operation (Haggi et al., 2021, Haggi et al., 2021).
Cyber-Attacks on Grid Control: Manipulation of frequency measurements or control setpoints in ESS-integrated grids, potentially driving unsafe dynamics unless system-wide resilient scheduling constraints are imposed via robust optimization and reachability analysis (Giraldo et al., 2022).

A summary of major threat types and modeling approaches:

Domain	Main Attack Vector	Representative Reference
Battery-less IoT	Ambient energy manipulation	(Singhal et al., 2023)
Microgrid (BESS)	Control agent tampering	(Zografopoulos et al., 2022)
Distribution/Transmission	Physical/N-m outages + CPH	(Haggi et al., 2021, Haggi et al., 2021)
Grid ESS Frequency	Setpoint/sensor cyber-attack	(Giraldo et al., 2022)

2. Formal Problem Formulations and Optimization Structures

Unified across application domains, the attack-resilient scheduling problem involves constrained multi-period resource allocation subject to application demands, network and storage physics, and attack-triggered operational switching.

IoT Task Scheduling: The system maximizes throughput, defined as the number of completed task cycles, with variables $x_{\tau, k}$ indicating task invocations. Constraints enforce causality $($ energy consumption up to $t$ must not exceed available harvested energy $)$ , buffer bounds, task precedence, and attack-driven profile switching:

$\max \sum_{\tau \in T} \sum_{k=1}^{K_\tau} x_{\tau,k}$

subject to

$\forall t, \sum_{\tau} \epsilon(\tau) \sum_{k: inv_k \leq t} x_{\tau,k} \leq \sum_{i=1}^m E_i(0) + \int_0^{t} P_h(s) ds$

with additional logic for attack-detection control over task activation rates and energy allocation prioritization (Singhal et al., 2023).

Hydrogen Storage (Bulk/Distribution Networks): Proactive and two-stage stochastic formulations are used. Pre-event decisions build H₂ inventory with dispatch constraints, subject to reserve requirements. Post-event (attack) recourse minimizes penalized load shedding:

$\min_{s \in \mathcal{S}} \sum_t \rho_t P^{ST}_{t,s} + \sum_{i, t} VOLL_i P^{Shd}_{i, t, s}$

with scenario-dependent unit and network availability, storage dynamics, and real/ reactive power flow constraints (Haggi et al., 2021, Haggi et al., 2021).

BESS with Agent Detection and Ancillary Services: The optimization, cast as a mixed-integer program, minimizes load shedding and BESS cycling cost, integrating real-time binary detection variables for DGs and explicit active frequency/voltage support:

$\min_{\{P_B, P_{shed}, z \}} \sum_t \lambda_{shed} P_{shed}(t) + \lambda_{cyc} |P_B(t)|$

subject to power and SOC limits, and real-time DG availability flags $z_i(t)$ (Zografopoulos et al., 2022).

Robustness via Convex Reachability: For grid-integrated ESS, ellipsoidal LMI-constrained optimization shrinks admissible ESS power bounds to guarantee frequency safety under arbitrary cyber-attacks:

$\min_{W,\,\hat\gamma} -\sum_i \hat\gamma_i$

subject to Lyapunov and dissipation-type LMIs that prune the reachable set to avoid unsafe operation domains; these power bounds are directly imposed in standard ESS scheduling (Giraldo et al., 2022).

3. Scheduling Architectures and Real-time Algorithms

Mitigation frameworks are characterized by their real-time architecture, interaction of detection, control, and scheduling, and by explicit handling of attack signatures.

Application Manager with Dynamic Profile Switching: In IoT/harvester devices, an attack-detection module ( $a_o$ , $a_{rt}$ , etc.) continually updates the application manager, which transitions system execution profiles (e.g., low activity during attack, full activity when safe). Task schedulers enforce readiness based on energy state and current attack status and dynamically allocate harvested energy in federated buffer architectures (Singhal et al., 2023).
Microgrid Self-healing and Isolation: The Mode Supervisory Controller (MSC) collects DG agent state, flags misbehavior based on model-based deviation thresholds, and instantaneously re-solves the scheduling optimization to isolate the attacker and allocate BESS; as soon as a DG agent is restored, the scheduler hands back control (Zografopoulos et al., 2022).
Rolling-horizon and Two-stage Scheduling: For network-scale storage (hydrogen), rolling optimization windows synchronize reserves with threat forecasts, ensuring bulk tank fill prior to attack windows and recourse dispatch with demand or outage realization. These approaches are robust against imperfect forecasts by re-optimizing as new threat/interruption information becomes available (Haggi et al., 2021, Haggi et al., 2021).

4. Analytical and Empirical Performance Results

Empirical and analytical evaluation of attack-resilient scheduling quantifies gains in throughput, task schedulability, load shedding, and transient safety metrics.

Battery-less IoT Devices: Application-aware EAM achieves $+23.3\%$ more application cycles under attack compared to federated and central baselines, at least $21\%$ higher average task schedulability, and $+34\%$ higher peripheral availability. The real-time control loop incurs negligible energy and time penalties relative to typical application task costs (Singhal et al., 2023).
Microgrid BESS: Attack isolation and dynamic BESS reallocation yield $100\%$ demand served and sub-200 ms downtime over cyberattack events, with battery SOC varying less than $4\%$ over typical fast self-healing sequences (Zografopoulos et al., 2022).
Hydrogen Storage Networks: Long-term storage enables resilience indices (fraction of served load during major outages) exceeding $80\%$ , well above batteries of equivalent power but shorter duration (typically $37.3-54.6\%$ for batteries at $2-8$h vs. days for H₂) (Haggi et al., 2021).
Robust Grid Frequency Control: LMI-constrained scheduling reduces worst-case frequency deviation under setpoint or sensor attacks from $-0.3$ Hz (physical limits) to $-0.18$ Hz or better, enforcing absolute bounds within the safety domain and preventing state escape (Giraldo et al., 2022).

5. Adaptation Across Storage Technologies and Attack Types

The underlying scheduling methodologies generalize beyond the specific storage medium or threat model.

Flexibility in Storage Model: Battery/flywheel models substitute H₂ tank mass-balance for typical SOC (state of charge) evolution, with analogous charging/discharging, efficiency, and capacity limits. Scheduling constraints naturally map to these domains (Haggi et al., 2021).
Generalization to Arbitrary Attacks: The scenario-based or robust two-stage scheduling, as well as LMI-tightened operating domains, enable adaptation to arbitrary attack surfaces, including cyber-induced measurement setpoint corruption, physical removal/isolation of hardware, or adversarial data errors (Giraldo et al., 2022).

A plausible implication is that as multi-vector attacks proliferate in cyber-physical energy systems, integrating formal methods for attack-resilient scheduling (profile switching, robust optimization, real-time fault diagnosis, and ancillary service-aware dispatch) is essential for maintaining grid and device-level resilience.

6. Practical Deployment and Domain-specific Guidelines

Effective deployment requires hardware and software co-design, integration of real-time detection, and close adherence to operational timescales.

Energy-constrained IoT: Software architectures must feature extremely low overhead (≤2 nJ per scheduler invocation), with attack detection co-located or streamed from external ML modules, and adaptive rate control of application tasks (Singhal et al., 2023).
Microgrids: Distributed agent reporting, model-informed thresholding, and fast optimization solvers (≤10 ms control loop) underpin practical real-time BESS scheduling for attack mitigation (Zografopoulos et al., 2022).
Bulk Power/Distribution: Rolling-horizon and stochastic optimization must mesh with daily scheduling cycles and utilize scenario forecasting (e.g., for natural disasters) to effectuate pre-positioning of energy reserves (Haggi et al., 2021).
Ellipsoidal/LMI approaches: Determination of resilient power limits is performed offline, with periodic re-computation if system parameters shift, and published to local real-time schedulers for enforcement (Giraldo et al., 2022).

7. Outlook and Generalization

Attack-resilient energy storage scheduling underpins the stable operation of future cyber-physical energy systems. Research demonstrates that system-aware, attack-adaptive scheduling, multi-stage stochastic optimization, distributed detection and isolation, and robust/convex analytic safety formulations, each tailored to the specifics of the storage technology and system cyber-physical architecture, can substantially mitigate the impact of attacks, ensuring continuity of critical services and system safety. These frameworks are broadly adaptable as the range and sophistication of threats evolve.