Got it—happy to play “expert researcher.” Quick note: I can’t open that Google Sheet from here (looks like I don’t have access), so I’ll base this on peer-reviewed papers, tech reports, and OpenDSS docs. If you want me to align these directly to items in your sheet later, just share a copy or paste the relevant rows.

Attack patterns you can (and people do) study with OpenDSS

Below are concrete cyberattack “ways,” how they map to specific OpenDSS knobs you’d manipulate in a study, and examples from the literature where similar attacks were analyzed (many of them using OpenDSS or OpenDSS-based tooling/co-sims).

---

1) False-Data Injection (FDI) on measurements (AMI/µPMU/RTU → DSSE)

What it is: Corrupt meter streams so state estimation and downstream control make wrong decisions.
In OpenDSS: Run the power flow with truthful physics, but feed a corrupted measurement vector to your DSSE module (e.g., OpenDSS + OpenPy-DSSE or your own estimator).
Why it’s used in the literature: FDI against distribution SE is widely studied and remains effective/stealthy. OpenDSS is often the physics engine; DSSE is run in Python/Matlab. (MDPI)

Metaheuristics angle:

• Attacker: choose a sparse attack vector that maximizes SE error while bypassing bad-data detection (sparse GA/PSO).
• Defender: robust sensor placement / PMU siting (GA/DE) to minimize worst-case SE error.

---

2) Load-altering attacks (botnets on thermostats/EVSE/water heaters)

What it is: Orchestrate many DER/IoT loads to spike/shift demand and overload assets.
In OpenDSS: Manipulate Loadshape multipliers or time-series load profiles for targeted groups; observe transformer/line overloads and voltages.
Used in literature with OpenDSS: The “Power Botnet” study modeled load-altering attacks with OpenDSS on the IEEE-123 feeder. (arXiv)

Metaheuristics angle:

• Attacker: schedule load pulses to maximize feeder losses/violations.
• Defender: feeder reconfiguration or adaptive VVC parameter tuning via GA/PSO to contain violations.

---

3) Direct switching/topology attacks (open/close remote switches & ties)

What it is: Toggle remote-controlled switches/breakers to island loads or create violations.
In OpenDSS: Use SwtControl / open commands on Line/Switch elements; evaluate radiality, outages, voltage. Docs explain the control queue & switching model. (OpenDSS Documentation)
Used in literature: Coordination/mitigation of direct switching attacks on the IEEE-123 feeder (algorithmic study; fits OpenDSS workflows). (VTechWorks)

Metaheuristics angle:

• Attacker: combinatorial search over switch states to maximize unserved load (GA/spanning-tree GA).
• Defender: classic distribution network reconfiguration—numerous GA/SA/HS variants exist and many integrate with OpenDSS. (MDPI)

---

4) Capacitor-bank control spoofing

What it is: Force cap banks on/off or falsify sensed vars/voltage so CapControl makes bad moves.
In OpenDSS: Flip Capacitor states or change CapControl type/ON/OFF settings/Delays; see EPRI docs/examples. (OpenDSS Documentation)

Metaheuristics angle:

• Defender: optimize cap statuses jointly with LTC taps (multi-objective VVO via PSO/HS/DE). (MDPI)

---

5) Regulator/LTC setpoint tampering

What it is: Alter Vreg, band, line-drop compensation, or taps → widespread over/undervoltage.
In OpenDSS: Edit RegControl (Vreg, band, CTprim, R/X, controlled bus). Docs and source show how the controller acts. (OpenDSS Documentation)
Used in literature: FDI against LTC controls to disrupt voltage regulation (methodology aligns with OpenDSS studies). (eudl.eu)

Metaheuristics angle:

• Defender: robust VVC tuning (optimize Vreg, curve points) to minimize worst-case deviations (GA/PSO).

---

6) DER inverter setpoint/curve manipulation (Volt-VAR / Volt-Watt / droops)

What it is: Push PV/storage inverters to harmful Q(V)/P(V) behavior, clamp reactive capability, or mis-set droops.
In OpenDSS: Tweak InvControl (vvc_curve*, deltaQ_factor, VV/VW modes) and PVSystem/Storage limits. (OpenDSS Documentation)
Why it’s credible: Extensive inverter vuln research and guidance from NIST; attacks via cloud portals/protocols can change setpoints. (NIST Publications)
Related co-sim: Real-time VVC with Typhoon HIL + OpenDSS (suitable testbed to observe malicious setpoint changes). (Frontiers)

Metaheuristics angle:

• Defender: co-optimize Q(V) curve points/kVAR limits under attack scenarios (PSO/GA).

---

7) Volt/VAR Optimization (VVO) command tampering & comms attacks

What it is: Tamper with DNP3/SCADA messages (delay/drop/replay) so centralized VVO issues wrong commands or none.
In OpenDSS: Drive VVO from an external controller; inject delays/drops in a co-sim (e.g., ns-3 + OpenDSS) and observe degraded voltages/losses. A real-time co-sim paper shows DNP3-based attack scenarios; OpenDSS has been widely used in similar CPCS setups. (arXiv)
Tooling: Demonstrated OpenDSS–ns-3 co-simulation and attack data generation (DoS, replay, etc.) in related tools. (GitHub)

Metaheuristics angle:

• Defender: schedule-robust VVO (optimize actions anticipating packet loss/delay).

---

8) PV/storage dispatch falsification (active/reactive limits, ride-through)

What it is: Misconfigure ride-through and protection so DERs trip or absorb/inject wrong power during disturbances.
In OpenDSS: Change kW, kvar, pf, kVArated, ride-through emulation via control scripts; examine feeder stability. Guidance on inverter cyber issues highlights exactly these entry points. (NIST Publications)

Metaheuristics angle:

• Defender: optimize DER dispatch bounds/curves to maximize resilience margins (multi-objective GA).

---

9) Topology/parameter spoofing in the model (stealthy planning attacks)

What it is: Quietly alter device parameters (line impedances, transformer taps) or hidden switch states to bias any optimization or SE.
In OpenDSS: edit Line.X1/R1/C1/…, Transformer.Taps, or leave tie switches mis-flagged; recompute flows. (OpenDSS docs and examples show how easily parameters are scripted.) (OpenDSS Documentation)

Metaheuristics angle:

• Attacker: minimize detection probability while maximizing planner error.
• Defender: robust planning (ISA-HC/GA) that hedges against bounded param uncertainty—already demonstrated with OpenDSS-driven reconfiguration. (MDPI)

---

10) Communication-layer DoS/jamming → control starvation

What it is: Starve field devices/controllers so scheduled switching/VVC never happens.
In OpenDSS: Use co-sim frameworks to impose delays/loss; see OpenDSS–ns-3 demo and attack-dataset frameworks; OpenDSS is the power side. (GitHub)

Metaheuristics angle:

• Defender: optimize fallback local setpoints (e.g., inverter droops) subject to comms-loss scenarios (PSO/GA).

---

11) Coordinated attacker–defender dynamics (game/bi-level)

What it is: Attacker toggles switches or injects FDI; defender reconfigures the feeder and retunes thresholds.
Why it matters: Papers model this explicitly (AD/DAD or ML-aided mitigation) on the IEEE-123 feeder—plug-and-play with OpenDSS. (VTechWorks)

Metaheuristics angle:

• Defender: treat reconfiguration as a discrete search (GA/SA/HS) and inner continuous setpoints as PSO—hybrid metaheuristics are common in distribution ops and easy to couple to OpenDSS. (MDPI)

---

12) RL-centric attack/defense experiments (OpenDSS + SimPy/HELICS)

What it is: Train agents for resilient switching/VVC under cyber contingencies; then evaluate attack policies.
In OpenDSS: Use NREL’s RL environments that fuse OpenDSS with SimPy; explicitly intended for “cyber-physical defense against cyber threats.” (NREL)

---

Pointers to OpenDSS controls you’ll actually touch

• InvControl (Volt-VAR / Volt-Watt / droops): change curves/modes/limits. (OpenDSS Documentation)
• RegControl (LTC/VR): edit Vreg, band, LDC (R/X), taps. (OpenDSS Documentation)
• CapControl / Capacitor: switch states and thresholds/delays. (OpenDSS Documentation)
• SwtControl / open commands: force line/switch states. (OpenDSS Documentation)
• Load/Loadshape: alter time-series for stealth load-altering attacks. (Standard OpenDSS workflow/examples.) (OpenDSS Documentation)

Turn these into optimization problems (ready for metaheuristics)

• Attack design: pick meters to corrupt, switches to toggle, or DER setpoints to alter to maximize losses/violations while staying stealthy → binary + continuous variables (GA/DE/PSO).
• Defense design:
  • Reconfiguration (binary): GA/ISA-HC with OpenDSS in the loop. (MDPI)
  • VVO tuning (continuous & integer): PSO/HS for cap/LTC/inverter settings under attack scenarios. (MDPI)
  • Sensor placement / resilience margins: GA/DE against FDI models; evaluate via DSSE + OpenDSS. (MDPI)
  • RL + search hybrids: NREL’s OpenDSS RL envs for resilient actions under cyber contingencies. (NREL)

---

Quick “related works” index you can cite in your review

• FDI on distribution SE: survey/attacks/detection. (MDPI)
• OpenDSS-based botnet load-altering attack (IEEE-123): concrete OpenDSS use. (arXiv)
• LTC/voltage regulation under FDI: attack concept on regulators. (eudl.eu)
• OpenDSS + ns-3 co-simulation / attack datasets: feasibility of comms-layer attacks. (GitHub)
• Real-time VVC co-sim with OpenDSS: testbed for setpoint tampering experiments. (Frontiers)
• Smart inverter vulnerabilities & guidance (attack surface): NIST IR 8498. (NIST Publications)
• OpenDSS RL env for cyber-resilient operation: NREL tech report & repo. (NREL)
• OpenDSS object docs (InvControl/Reg/Cap/Swt): how/where to inject. (OpenDSS Documentation)

---

If you’d like, I can:

1. Map these attack types to the exact devices/curves/commands in your sheet (once I can view it).
2. Draft a small OpenDSS + Python harness (OpenDSSDirect.py or py-dss-interface) that:
   • flips each attack on/off,
   • runs scenarios, and
   • wraps GA/PSO to search worst-case attacks or best-response defenses.

Just say the word and I’ll produce a starter repo-style snippet.