Abstract This research investigates federated learning (FL) as a novel approach to strengthen cybersecurity resilience in distributed energy systems (DES), including substations, distributed energy resources (DERs), and grid control networks. Traditional centralized security models are inadequate for modern energy infrastructure due to privacy constraints, bandwidth limitations, and the vast scale of distributed assets 1. A federated learning architecture was deployed across critical energy assets, where each node locally trained machine learning models on operational telemetry without sharing raw data. Only model parameters were transmitted to a central aggregator, preserving privacy while enabling collaborative threat detection. The system was evaluated through testbed validation and pilot deployment across 20+ geographically distributed nodes. Results demonstrated significant improvements over centralized approaches: 15% enhancement in anomaly detection accuracy, 100% threat detection rate with zero false positives after seven training rounds, 22% reduction in communication bandwidth requirements, and 86% F1-score maintenance across the distributed network. The edge agent required only 16 MB RAM and 25 MB disk space, enabling deployment on resource-constrained industrial devices. This framework pioneers the integration of federated learning into energy cybersecurity, providing a scalable, privacy-preserving solution that addresses current limitations while ensuring regulatory compliance with NERC CIP and IEC 62443 standards.
V. Mishra (Mon,) studied this question.