A Survey on Cybersecurity Challenges, Detection, and Mitigation Techniques for the Smart Grid

Abstract: The world is transitioning from the conventional grid to the smart grid at a rapid pace. Innovation always comes with some flaws; such is the case with a smart grid. One of the major challenges in the smart grid is to protect it from potential cyberattacks. There are millions of sensors continuously sending and receiving data packets over the network, so managing such a gigantic network is the biggest challenge. Any cyberattack can damage the key elements (confidentiality, integrity, and availability) of the smart grid. The overall smart grid network is comprised of customers accessing the network, the communication network of the smart devices and sensors, and the people managing the network (decision makers); all three of these levels are vulnerable to cyberattacks. In this survey, we explore various threats and vulnerabilities that can affect the key elements of cybersecurity in the smart grid network and then present the security measures to avert those threats and vulnerabilities at three different levels. In addition to that, we suggest techniques to minimize the chances of cyberattack at all three levels.


Introduction
The conventional electricity system has been enhanced with modern technology, transforming it into a smart grid. A smart grid incorporates several operational and energy management techniques. The operational and energy measures may include smart meters and smart appliances installed at the customer's location, a production meter, renewable energy generators, smart inverters, and energy efficiency resources deployed at the grid's location [1]. Renewable energy generators contribute to energy cost reductions since the cost of producing electricity from renewable sources is zero, although renewable energy is intermittent in nature and is highly influenced by a variety of conditions such as ambient temperature, humidity, wind speed and direction, and geographical area. Solar energy, for example, is affected by irradiance, cloud cover, and ambient temperature [2]. Wind energy fluctuates greatly with wind speed and direction. Numerous techniques exist for forecasting wind energy, solar energy, and battery state of charge in order to incorporate renewable energy in a robust and timely way. The smart grid enables bidirectional communication between the grid and the sensors installed in various locations. These sensors continuously transmit production data to the grid in the form of data packets. This information covers the production, consumption, voltage, and frequency of energy, as well as other energy-related data. Currently, battery-integrated grids send the state of charge through a communication channel, which exposes the battery management system (BMS) to cyber threats. These cyber threats can cause the battery to overcharge or undercharge, which may lead to catastrophic events.

Vulnerabilities in the Smart Grid
The vulnerability of a smart grid network is the weak spot at which an attacker may enter the network and attack the system, as shown in Figure 2. The smart grid connects with multiple domains using different protocols, making it vulnerable to numerous cyberattacks. In this section, we explore the conditions that might increase the vulnerability of the grid to cyber intrusion. However, first, we discuss the types of cyberattacks. There are mainly two kinds of attacks: (1) passive attacks and (2) active attacks. Passive attacks are those in which no harm is done to the data and the attacker only monitors it, whereas active attacks are more dangerous than passive attacks, as the attacker modifies the data or stops the receiver from receiving the data. Passive attacks are classified into two categories: (1) eavesdropping attacks and (2) traffic analysis attacks. The types of active attacks include masquerade attacks, replay attacks, false data attacks, and denial of service attacks. Figure 3 shows the different types of cyberattacks. In an eavesdropping attack, the attacker can see the data packets shared between the sender and the receiver but does not modify the data. A traffic analysis attack is another kind of passive attack, in which the attacker continuously monitors and analyzes the traffic between the sender and the receiver. Active attacks are more harmful than passive attacks, as the attacker has full control over the data. In a replay attack, the attacker and the sender both send data to the receiver; this prevents the receiver from differentiating between the real data from the sender and the data routed through the attacker. In a masquerade attack, the sender is idle, but the receiver keeps receiving data from the attacker. In a false data injection attack, the data do not come to the receiver directly from the sender; instead, the receiver receives modified data from the attacker.
However, both the sender and the receiver are unaware of the modification made by the attacker. A denial of service attack is a kind of attack in which the attacker does not target the sender or receiver but the data server. The attacker generates a large number of irrelevant requests to the server, and the server keeps serving those irrelevant requests until all of its resources are exhausted. When the receiver/sender then requests information from the server, the request is denied due to the unavailability of resources. The major causes that make the smart grid vulnerable to cyberattacks are as follows:

1. Increased installation of intelligent electronic devices (IEDs): As the number of devices in the network rises, the number of attack sites for attackers increases as well. Even if the security of a single point is compromised, the entire network system would be impacted.

2. Installation of third-party components: Third-party components that are not advised by experts increase the network's vulnerability to cyberattack. These devices may be infected with trojans, which can then infect other devices on the network.

3. Inadequate personnel training: Proper training is necessary to operate any technology. When staff are not sufficiently trained, they might easily fall victim to phishing attempts.

4. Using Internet protocols: Not all protocols are secure when it comes to data transmission. Certain protocols transfer data in an unencrypted format. As a result, they are easy candidates for data extraction via man-in-the-middle attacks.

5. Maintenance: While the primary goal of maintenance is to keep things functioning properly, it can become a vector for cyberattacks at times. While doing maintenance, operators often disable the security system to conduct testing. In 2015, electric power companies in eastern Europe reported one such occurrence [14].

Cybersecurity Challenges in Grid-Connected EV Charging Stations
The integration of electric vehicle charging systems (EVCSs) makes the power system/grid more complex. Over the past several years, the sales of electric vehicles have increased exponentially, mainly due to economic and environmental factors. With the incorporation of newer technologies, the cost of EVs and EV batteries has seen a drastic decrease, in addition to government incentives. Moreover, EVs do not rely on fossil fuel consumption, so they contribute to minimizing carbon footprints [15]. However, EVCSs are not cyberattack-resistant, as they depend on wired and wireless communication systems to share information with the smart grid. The study in [16] categorized EVCS vulnerabilities into two broad categories, i.e., internal vulnerability and external vulnerability. Internal vulnerabilities, such as an EVCS processor with a weak password and hashing algorithm, weak access control, unsigned firmware updates, and easy extraction of firmware, can allow an attacker to get full control of the EVCS. External vulnerabilities, such as an on-site human machine interface (HMI) that allows users to connect universal serial bus (USB) drives, can be easily used by attackers to expose the EVCS configuration. Since there is no worldwide standard for communication systems between EVCSs and the EVCS server, the open charge point protocol (OCPP) has been adopted by many vendors. However, OCPP is vulnerable to man-in-the-middle attack (MIMA) [16]. In addition to this, many smartphone and web-based applications have been developed that assist users in finding EVCSs nearby, authenticating EVs at an EVCS, and remotely controlling the charging and payment for the charge. Due to this, any malicious application or cloned application can potentially damage the EVCS. In [17], the authors performed a study on cybersecurity challenges in the onboard charging (OBC) system of an EV. The electric component units (ECUs) are connected in a controller area network (CAN) to communicate between them.
Cyberattacks on the OBC system are classified into two categories: (1) control-based attacks and (2) hardware-based attacks. Figure 4 shows the attacks included in both categories. The sales of EVs are highly correlated with the installation of EVCSs, such that as EV penetration goes up, there will be a spike in EV charging stations and a significant impact on energy demand [18]. In this study, the communication requirements and standards for the Internet of electric vehicles are presented. In another research study, the authors developed a framework for analysis, comparison, and test of standards (FACTS), proposed in [19], to identify cyberthreats in a battery management system (BMS).

Primary Goals of the Cybersecurity in the Smart Grid
The National Institute of Standards and Technology (NIST) developed a framework for enhancing smart grid cybersecurity. They grouped the logical interfaces into 22 different categories. Table 1 summarizes their definitions along with examples and their impact on confidentiality, integrity, and availability. Furthermore, the NIST suggests 19 smart grid requirements, which are as follows: 1.
Information and Document Management (SG.ID) 9.
Incident
A security requirement identifier, category, requirement, supplemental guidance, requirement enhancement, additional consideration, and impact level allocation should be added with each security requirement. The security requirements are presented in depth in [20].
There are five main goals of cybersecurity in smart grids, which are described below. Table 2 summarizes the attack categories and the security goals they compromise.

1. Authentication: The verification of the user. The system verifies whether the credentials provided by the user are correct. Various authentication techniques in the smart grid network are presented in [21].

2. Authorization: Once the user is authenticated by providing the correct credentials, the user becomes authorized to use the services and to transmit and receive data packets. In an unencrypted authentication process, the credentials entered by users are exposed to the attacker, who can later use them to pretend to be an authorized user.

3. Confidentiality: This ensures that only authorized users have access to the data. There is an abundance of sensitive data circulating throughout the smart grid network. This information comprises client energy consumption statistics, a customer identification number, and a list of appliances in use by consumers. An attacker can use this information to investigate the customer's energy use patterns. Additionally, if unauthorized users have access to the data, an ICMP (Internet Control Message Protocol) flood attack can be launched and the reading can be tampered with or altered [22]. As a result, utilities may face severe financial difficulties or customers may get excessively high bills.

4. Integrity: This protects the recipient against data tampering by ensuring that the data are not changed or corrupted during transmission. Parity check, checksum error, and several other similar techniques are utilized at the receiving end to verify that the data have not been modified. The false data injection attack (FDIA) is one of the most frequently used forms of attack. An injection attack adulterates the genuine data with fake data.

5. Availability: Availability ensures that whenever a user requires resources and/or data, they are always available. There are various factors that can affect availability, such as a fault at the data center, but in terms of cybersecurity, it is affected by cyberattacks such as denial of service (DoS) attacks. During a DoS attack, the resources are hijacked by the attackers and user requests are not served due to a lack of resources.

Ukraine Power Grid Attack, 2015
Cyber assaults on the energy industry are on the rise, posing an ever-increasing threat to dependability and safety. This danger is shown by the successful assaults on Ukraine's power system in 2015 and 2016. During these incidents, attackers gained access to distribution grid operator consoles and remotely closed breakers, resulting in local blackouts. In this attack, 30 substations were switched off and around 230,000 people were affected by the blackout. It was the first successful known cyberattack on a smart grid. Attackers may potentially breach communications channels and alter data, or they could overwhelm the highly linked network with data traffic, restricting operators' capacity to monitor and manage the grid.

Iran Nuclear Facility Attack, 2010
Stuxnet is said to have caused many centrifuges at Iran's Natanz uranium enrichment plant to burn out. Stuxnet was designed to disrupt and sabotage Iran's nuclear program, but it also showed the potential to inflict significant physical damage on critical infrastructure by targeting the computer controllers and SCADA systems that manage industrial equipment [50].

Blackout in US and Canada, 2003
On 14 August 2003, a high-voltage power line in northern Ohio collided with some overgrown trees, causing the fault. The line had weakened as a result of the strong current flowing through it. The issue would normally have triggered an alert in the control room, but the alarm system failed. Later, three more lines sagged into trees and shut down, putting further strain on other power lines. Overburdened, these also cut off a couple of hours later, triggering a chain reaction of failures throughout southeastern Canada and eight northeastern states. In all, 50 million people lost power for up to two days in North America's largest blackout in history. At least 11 people were killed as a result of the incident, which is believed to have cost $6 billion. The details of the event can be found in [51].

Arizona-Southern California Blackout, 2011
A total of 2.7 million people were impacted by the 8 September 2011 Arizona-Southern California blackout. On hot days, demand during peak hours increases, and due to this increase in demand, a single high-voltage line failed due to a fault, causing electricity to be transferred to the San Diego region. More line and transformer failures followed within minutes of this power redistribution, and ultimately, San Diego was cut off from the rest of the Western Interconnection. A mismatch between supply and demand in the San Diego region arose from this separation, resulting in overloads and blackouts [6].

Cyberattack Detection and Mitigation Techniques
Smart grids involve multiple stakeholders, including consumers, electric utilities, grid operators, and third-party service providers. Due to the involvement of multiple stakeholders, the management of smart grid data, especially from the smart meters, becomes a daunting task. For enhanced security and privacy protection of smart meters, [52] proposed a framework that provides guidelines for integrating security and privacy across different domains. The framework classifies security into three classes: communication security, secure computing, and system control security. Communication security includes cryptosystem, routing security, and network privacy. The objectives of communication security may be achieved by a key management system, end-to-end encryption, and multiple hop routing. Furthermore, the authors of [53] discussed the primary tasks of smart meters, which include recording the amount of energy consumed and factors such as voltage and frequency. In addition, smart meters are responsible for sending the information to the grid over a secure communication channel and for operating the load switch, under the operators' control, to avoid blackouts in emergency cases. The study provided a proof of concept of high assurance smart meters (HASM). To address the cybersecurity aspects of the smart grid, various approaches have been suggested in the literature, and as the complexity and integration of artificial intelligence (AI) increases, more research studies on ways to make the grid more reliable will be conducted. Some research studies also show that the smart grid is prone to human error, and those errors can be due to social engineering attacks. In our paper, we divided the existing approaches into two major categories: (1) nonhuman-centric approaches and (2) human-centric approaches. In Table 3, we summarize the advantages and disadvantages of both approaches.

Nonhuman-Centric Approaches
In this section, we discuss various nonhuman-centric attack detection and mitigation techniques using the diverse approaches summarized in Table 4.

Machine-Learning-Based Attack Detection and Mitigation
As the transition from the traditional grid to the smart grid takes place, thousands of sensors are being installed in the smart grid infrastructure. These sensors continuously monitor the states of the devices they are connected to and generate a huge amount of data in the form of log files or time series data. Irradiance sensors, module temperature sensors, voltage monitor sensors, and current monitor sensors are just a few examples of the sensors present in the smart grid network. The data from these sensors are stored on a server, and sometimes the data are preprocessed before being sent to the servers. The servers can be local servers or cloud servers. Storing the data on a local server provides the highest level of data protection; however, it limits the usefulness of the data for finding new patterns or getting insights. When the data are stored on a cloud server, the user has more flexibility over data usage because the data can be accessed remotely and can be scraped to a machine using GETS command.
Recently, machine learning algorithms have proved to be accurate in cyberintrusion detection. Unlike rule-based methods, machine learning detects the intrusion based on historical data. In [54], a combination of JRipper and Adaboost was developed to predict power system disturbances. The output of the model was three classes (attack, natural disturbances, and no event) based on the data. The false data injection attack (FDIA)/data poisoning attack is another of the most common attacks with the potential to severely damage smart grid networks; an FDIA can also harm utilities and customers financially by poisoning the data from smart meters. To detect an FDIA, researchers used an ensemble-based machine learning algorithm [55]. The model was tested on the IEEE 14 bus system. The performance of ensemble-based learning models was compared with linear regression, naive Bayes, decision tree, and support vector machine (SVM), and the result shows that unsupervised ensemble models outperformed the individual models with the highest accuracy of 73%. In [56], a deep analysis of the impact of FDIA on an AI-based smart grid is performed using a multilayer perceptron (MLP). The results from the study show that even if only 20% of the data is falsified, it can reduce the accuracy of the machine learning algorithms by 15%, which can affect the critical decision making of the smart grid. For example, in the case of data poisoning, if there is a disturbance and the model fails to predict the disturbance due to false data, then the grid can go into an unstable state that can result in catastrophic events. In [33], a conditional deep belief network model is proposed to detect FDIA for power theft in real time. The model was tested on IEEE 118 and IEEE 300 bus systems. The performance of the model was compared to artificial neural networks and support-vector-machine-based methods.
Sometimes, a smart grid also faces distributed denial of service (DDoS) attacks. DDoS attacks compromise the availability of the resources that are needed for communication, such as servers. The primary objective of a DDoS attack is to inundate the communication server with fake requests to jam the server and make it unavailable for communication. In [57], a multilevel autoencoders model was proposed to detect DDoS attacks. An autoencoder consists of one input layer, at least one hidden layer, and one output layer. The model was trained using data of around 700 thousand packets and with 49 features. Source and destination IP and ports, source and destination jitters, record time, and attack category were some of their features. The UNSW-NB15 publicly available data set was used to develop the model. The results show that autoencoder-based prediction model performance was better than long short-term memory (LSTM), random forest, naïve Bayes, decision tree, k-nearest neighbor, and LSVM.

Employees in an organization can be categorized as attitudinal (employees who do not think that cybersecurity is an important factor to consider) and cognitive (employees who understand the importance but do not embrace it because they think it's too much work) [58]; therefore, regular employee training can be helpful in combatting cyberattacks.
Encouraging employees to teach themselves about the latest technologies and tools is a complex task, especially when the employees come from different age groups and with a variety of technical backgrounds.

Password strength and security
Cognitive-type fatigue can lead to employees setting weak passwords [58]; thus, enforcing strong passwords and a strength policy can be helpful.
As per [58], some employees find it difficult to remember all of the different and complex passwords.

Customer Awareness
It is almost impossible to provide proper training to customers, so customer participation becomes critical to spread awareness about cybersecurity among customers.
Irrespective of how many resources an organization invests in customer awareness, at the end, customers are the key decision makers in the customer domain.

Customer Interaction
A customer interaction platform can help with easy reporting of any cyberattack or any malicious activity on the customers' portal.
There is a huge variation in customer categories. For example, some customers are of different age groups, and some customers have a limited sense of technology, so it becomes challenging to design a portal that fits all.

Updates and incremental patches installation
Patching policy varies between immediate, 30, 60, and 90 days [59] depending upon the potential impact of the vulnerability or bug; therefore, patching can be highly impactful in tackling future cyberattacks.
Even systems armored with the best security tools and software are always under threat; thus, continuous monitoring and auditing are required for robust protection.

Cloud-Based Detection and Mitigation
In [60], the authors discussed how the attributes of cloud computing could be used to enhance security in the event of a DDoS attack on the smart grid. In [61], a cloud-based firewall was proposed to prevent DDoS attacks on the smart grid. The study was performed by generating 250 Gbps of data to replicate a DDoS attack. The simulation results showed that there was low latency with the grid OpenFlow firewall. In [62], an attribute-based online/offline searchable encryption scheme was introduced in order to secure data access for authorized users in the cloud environment for smart grid applications. In [63], the authors introduced a secure home area network based on cloud of things, which is resistant to brute force, replay and capture, and other attacks. In [64], a security evaluation model was proposed for a smart grid based on a deep belief network (DBN) comprised of multiple RBMs and a BP neural network. They evaluated security risks in five respects: policy and organizational risks, general technical risks, SaaS risks, PaaS risks, and IaaS risks.

Blockchain-Based Detection and Mitigation
In recent times, blockchain has become one of the most lucrative technologies in various domains due to its security. The blockchain is a chain of blocks in which each block contains the index, timestamp, previous hash, hash, and data. Blockchain is considered to be secure because of the hashing. If someone tries to change the hash value of the block, then he has to change the value of all the previous blocks, so when there are many blocks in the chain, it becomes a computationally expensive task to change the hashes of all of the previous blocks.
In [65], the authors proposed a policy architecture based on blockchain for the exchange of data between independent system operations and underoperating agents to protect against FDIA. The model contains three layers: (1) the data layer, (2) the detection layer, and (3) the blockchain layer. The data layer is responsible for the collection of data, the collected data are transferred to the detection layer for community detection, and the blockchain layer keeps the community detection and transaction record secure. In their research, the authors of [66] proposed a blockchain-based secure message transfer method for smart meters and service providers. The method prevents FDIA on the smart meter side. In this study, each transaction is initiated by the smart meters and the service provider is the master node. The transaction information is shared over the network and periodically validated by auditing and broadcasting of transactions. Service providers are connected in a peer-to-peer (P2P) network fashion. To add a new transaction/block, consensus verification is needed, and only after verification is the new block added. A key is generated using the SHA-256 algorithm at every transaction. Using the blockchain-based structure, the authors showed in this study that data can be exchanged within a P2P service provider network. In the study [67], a decentralized security model based on the lightning network and smart contract in the blockchain ecosystem was introduced. This model includes registration, scheduling, authentication, and charging phases. The authors of [68] proposed a novel framework with a combination of integrated hardware security and blockchain scheme for the grid-edge devices to maintain a distributed cybersecurity technique that verifies the provenance of messages both from and to the devices.
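The block structure described above (index, timestamp, previous hash, hash, data) can be made concrete with a plain SHA-256 hash chain over smart meter readings. This is an added example, not code from the surveyed papers; the meter ID, readings, field names, and helper names are constructed for illustration, and consensus between peers is not modeled.

```python
import copy
import hashlib
import json

GENESIS_PREV = "0" * 64  # assumed placeholder "previous hash" for the first block


def block_hash(index, timestamp, prev_hash, data):
    """SHA-256 over the block fields (index, timestamp, previous hash, data)."""
    payload = json.dumps(
        {"index": index, "timestamp": timestamp, "prev_hash": prev_hash, "data": data},
        sort_keys=True,
        separators=(",", ":"),
    ).encode()
    return hashlib.sha256(payload).hexdigest()


def append_block(chain, timestamp, data):
    """Append a block whose prev_hash is the hash of the current chain head."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS_PREV
    index = len(chain)
    block = {"index": index, "timestamp": timestamp, "prev_hash": prev_hash, "data": data}
    block["hash"] = block_hash(index, timestamp, prev_hash, data)
    chain.append(block)
    return block


def first_invalid_block(chain):
    """Return the index of the first block that fails verification, or None."""
    prev_hash = GENESIS_PREV
    for i, blk in enumerate(chain):
        if blk["index"] != i or blk["prev_hash"] != prev_hash:
            return i  # link to the preceding block is broken
        expected = block_hash(blk["index"], blk["timestamp"], blk["prev_hash"], blk["data"])
        if blk["hash"] != expected:
            return i  # stored hash does not match the block contents
        prev_hash = blk["hash"]
    return None


def build_sample_chain():
    """Constructed readings from a hypothetical meter SM-0001 (15-minute interval)."""
    chain = []
    for ts, kwh in [(1700000000, 1.2), (1700000900, 1.4), (1700001800, 1.1), (1700002700, 1.3)]:
        append_block(chain, ts, {"meter": "SM-0001", "kwh": kwh})
    return chain


def simulate_false_reading(chain, index, new_kwh, rehash=False):
    """Copy the chain and falsify one reading, optionally recomputing that block's hash."""
    forged = copy.deepcopy(chain)
    blk = forged[index]
    blk["data"]["kwh"] = new_kwh
    if rehash:
        blk["hash"] = block_hash(blk["index"], blk["timestamp"], blk["prev_hash"], blk["data"])
    return forged


if __name__ == "__main__":
    chain = build_sample_chain()
    print("intact chain:", first_invalid_block(chain))
    # Falsified reading with a stale hash: caught at the modified block itself.
    print("edited block 1:", first_invalid_block(simulate_false_reading(chain, 1, 0.1)))
    # Hash recomputed for block 1: the break moves to block 2, whose link no longer matches.
    print("edited + rehashed block 1:",
          first_invalid_block(simulate_false_reading(chain, 1, 0.1, rehash=True)))
    # Edge case: the head block can be edited and rehashed without breaking any link,
    # so peers must also agree on the head hash (the consensus step in the text).
    print("edited + rehashed head:",
          first_invalid_block(simulate_false_reading(chain, 3, 0.1, rehash=True)))
```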

Hardware-Based Security
IoT devices are one of the most critical parts of the smart grid network. These devices are responsible for data collection and analysis and for sending the data over the communication channel, and at the same time, they need to be armored to combat any cyberattack [69]. Some of the key hardware security problems were discussed in [70]. These security problems include physical attacks, side channel analysis, and hardware Trojans. In a physical attack, the attacker tries to bypass the authentication system. During the physical attack, the attacker exploits the vulnerabilities in the implemented system that they find using reverse engineering. In side channel analysis, the attacker uses the profile of features such as current, voltage, and frequency to predict the cryptographic keys. A hardware Trojan is any change or addition made to a circuit with the intent of causing harm. Unauthorized access to private information, manipulation of circuit functioning, and reduction of circuit reliability are some of the primary objectives of hardware Trojans. The authors of [71] proposed methods to detect hardware Trojans using path delay fingerprints.
Smart meters, sensors, and communication devices, among other IoT devices, face a number of difficult challenges, including low energy usage and a shortage of computing capabilities [72]. Physical unclonable functions (PUFs) offer completely secure authentication without requiring the device to contain any cryptographic capabilities, which would require more computational resources; thus, PUFs are particularly appealing for resource-limited IoT devices. However, with the evolution of machine learning, which is highly capable of predicting behavior using historical data/events, PUFs' behavior can also be predicted with 95% accuracy [73]. To protect PUFs against machine-learning-based attacks, the authors of [73] proposed a configurable tristate PUF (CTPUF), which used an XOR-based mechanism to obscure the relationship between the challenge and response. This ambiguity makes the machine learning model unable to draw any pattern between the challenge and response. The results in this study showed that the accuracy of machine learning models, including support vector machine (SVM), artificial neural network (ANN), and logistic regression, after CTPUF was about 60%. Another study showed the limitations of voltage-overscaling (VOS)-based authentication, as it can be exploited using machine learning (ML) models [74]. In this study, an ML-resistant VOS method that integrated previous challenges with keys was proposed. The results showed that the accuracy of the ML model after the challenge self-obfuscation structure (CSoS) was about 51.2%.

Human-Centric Mitigation Approaches
In this section, we discuss various human-centric attack detection and mitigation approaches.

1. Multifactor Authentication (MFA): As shown in Figure 5, MFA protects data from unauthorized access. The complexity of the password-breaking program increases exponentially when two sequential authentication processes are integrated. This minimizes the chance of unauthorized users getting access to the data. SMS token authentication, email token authentication, hardware token authentication, software token authentication, and phone authentication are some of the techniques that are currently used for multifactor authentication in various domains. When the user clears the first pass, he is redirected to one of the authentication methods in the second pass. All of the passwords/PINs generated in the second pass are valid for a single login. In an SMS token system, the user receives a unique PIN that can be between 4 and 8 digits on his phone. Similar to an SMS token, in an email token, the user receives the PIN at his verified email address. There are various algorithms used to generate the random code after each login. The generation procedure is out of the scope of this paper. The hardware token is one of the most secure multifactor authentication methods and is mainly used in sectors in which data security is highly critical, such as banking, insurance, or healthcare. In this method, the user needs to insert the hardware token into their device to use it. Software token MFA is somewhat similar to the SMS token; in this authentication system, instead of getting the one-time password through a wireless service provider, the user receives it in an application. The software token provides a level of security almost similar to that of a hardware token, but in software token MFA, the user's device is treated as the hardware. Phone MFA can be through SMS, such as an SMS token, or a user can receive a call to verify his identity.

2. Employee training: Advancements in technology have made attacks on smart appliances more difficult, so hackers now target humans. Machine learning approaches are playing a key role for attackers in recognizing employees' behaviors and reactions in different situations. Not all humans have the same level of knowledge about technology, and they adapt to the environment at their own pace if no training is provided. This makes humans easy targets for attackers. According to [33], social engineering attacks are the second most common attacks after malware. Ransomware is one of the most recent attack methods through which humans are targeted instead of directly targeting the machine. Employee training is one of the key requirements for cyberattack aversion. In the smart grid network, the end users at command and control centers are human beings. Proper training helps them to avoid social engineering attacks such as phishing and ransomware. Any successful phishing attack gives complete control of the grid to the attackers, and the consequences can be catastrophic.
Another common type of attack that can be minimized by employee training is an insider attack. An insider attack occurs when a disgruntled employee uses the resources/access given to him to harm the organization. Employee training can be beneficial in averting these attacks, as in that case, the employee will know what action he should take if he is not happy with the organization. Employee training can also teach workers to report any unusual behavior in their colleagues.

3. Password Strength: Strong passwords reduce the chances of integrity and confidentiality attacks. Weak passwords are more vulnerable to password-guessing attacks. Password guessing is the mechanism by which the attacker tries to obtain entry to a system by guessing passwords (and often usernames) to get the target device login. Additionally, to perform the attack, the attacker uses network resources and bandwidth, which limits the resources available to legitimate users. These attacks are performed remotely and generate a large volume of log data. Password strength is specified in terms of information entropy, which is measured in bits. For instance, if a password has 32 bits of entropy, then by a brute force method, an attacker will need to make 2^32 attempts to crack the password; the stronger the password, the harder it is to crack. Strong passwords can make it almost impossible to guess the password, which is one of the viable methods to stop the intruder.

1. Operating system protection: Customers are one of the weakest links in the cybersecurity chain, and a major challenge with customers is that they cannot be systematically trained like employees. Thus, devices themselves, such as smart meters and smart inverters, need to be protected. The most efficient way to bar customers from customizing the internal operating system of the devices is to make the devices tamper-proof. Another reason for a secured operating system is to stop customers from manipulating the reading of the meter. According to [75], a rigged smart meter can cost utility providers a huge loss, as the customers will be underpaying their bills.

2. Notifying customers: Recommending the best possible methods to customers, based on their current settings, is another approach to protection. For example, if a customer is using the utility application on his handheld device and the operating system on his device is outdated, an attacker can exploit its vulnerabilities, making him an easy target. Every customer is important. Even if an attacker is successful in breaching only one customer's privacy, he can grab enough information to increase his chances of a successful next attack.

3. Software and hardware security: Apart from protecting the device against attack through the network, customers should protect their devices physically by having strong entry-level passwords for their devices. Customers providing minute and personal details to their friends can make them victims of password-guessing attacks. Sharing the password with friends can lead to an attacker installing bots to monitor the device and even taking full control of the device [76].

4. Protection against third-party applications: Customers should always be cautious about an application asking for permissions. Customers store sensitive information on their device, and some third-party applications ask for more information than they actually need. Around 98.5% of customers either pay no attention or sometimes pay attention to the permissions required by the applications, and 93.6% of users accept the terms and conditions of the application either instantly or within 1 min [77].

5. Cyberattack reporting: Utilities should build a platform where customers can easily report any suspected attack. As the difference between the time of attack and the time of report increases, the damage caused grows exponentially. A delay in reporting an attack puts not only one customer's privacy at risk but the privacy of other customers as well. The most viable solution for this is to have 24/7 customer support that can guide customers to the necessary actions to be taken at the time of attack.
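The Password Strength item above observes that password-guessing attacks are performed remotely, often guess usernames as well, and generate a large volume of log data. The following added example (not from the survey) shows one way a defender can use that log volume for detection; the log format, the `detect_guessing` function, and its threshold and window defaults are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format); IPs are documentation ranges.
SAMPLE_LOG = """\
2024-05-01T10:00:00 FAIL user=admin src=203.0.113.7
2024-05-01T10:00:05 FAIL user=admin src=203.0.113.7
2024-05-01T10:00:09 FAIL user=operator src=203.0.113.7
2024-05-01T10:00:14 FAIL user=operator src=203.0.113.7
2024-05-01T10:00:20 FAIL user=root src=203.0.113.7
2024-05-01T10:00:26 FAIL user=root src=203.0.113.7
2024-05-01T10:00:30 FAIL user=alice src=198.51.100.20
2024-05-01T10:00:41 OK user=alice src=198.51.100.20
2024-05-01T10:05:00 FAIL user=bob src=198.51.100.30
2024-05-01T10:25:00 FAIL user=bob src=198.51.100.30
2024-05-01T10:45:00 FAIL user=bob src=198.51.100.30
2024-05-01T11:05:00 FAIL user=bob src=198.51.100.30
2024-05-01T11:25:00 FAIL user=bob src=198.51.100.30
"""
LINE = re.compile(
    r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d) (FAIL|OK) user=(\S+) src=(\S+)$")

def detect_guessing(log_text, threshold=5, window=timedelta(minutes=1)):
    """Flag sources with >= threshold failed logins inside one sliding window.

    Returns {src: {"failures": peak count, "users": distinct usernames at peak}}.
    """
    recent = defaultdict(deque)  # src -> (timestamp, user) of recent failures
    flagged = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(2) != "FAIL":
            continue  # skip malformed lines and successful logins
        ts, user, src = datetime.fromisoformat(m.group(1)), m.group(3), m.group(4)
        q = recent[src]
        q.append((ts, user))
        while ts - q[0][0] > window:  # drop failures that aged out of the window
            q.popleft()
        peak = flagged.get(src, {"failures": 0})["failures"]
        if len(q) >= threshold and len(q) > peak:
            flagged[src] = {"failures": len(q), "users": len({u for _, u in q})}
    return flagged

if __name__ == "__main__":
    print(detect_guessing(SAMPLE_LOG))
```

On the sample, only the source that fails six times within 26 seconds across three usernames is flagged; the user who mistypes once and the source whose five failures are spread over 80 minutes are not.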

Open Issues, Challenges, and Future Research Directions
Because smart grids are environmentally friendly, employ many renewable energy sources, and, above all, are safer than traditional power grids, they are better than traditional power grids in terms of efficiency and productivity [78]. The findings also revealed that the smart grid may be vulnerable to cyberattacks. In general, the advantages of using a smart grid will improve security against cyberattacks through a wide range of technologies and techniques. However, over the course of the study, multiple sources demonstrated both the safety advantages and the vulnerabilities associated with smart grids. Almost all research studies show that a denial-of-service attack would be a major issue for smart grids. Because smart grids are built on a network, a network attack will render the smart grid inoperable. The smart grid would maintain service availability while providing several layers of security, using a virtual private network (VPN) to secure communication, with IPS and IDS as the best security features. Both the smart grid and the traditional grid are always at risk of human error. These errors may be due to overburdened employees, as overwork restricts their decision-making capability, or to social engineering or insider attacks if employees are not trained to handle such attacks. Attacks such as ransomware have increased by 500% since 2018, which needs immediate attention, as ransomware attacks lead to huge losses and leaks of confidential information. Although some researchers have studied the impact of ransomware [79,80], more research is required to analyze the impact of, and reasons behind, ransomware attacks on smart grid infrastructure.
Additionally, it is critical to be aware of cyberattacks on smart grids [78]. To protect the smart grid from various cyberattacks, users should educate themselves on, and mitigate, the risks associated with the smart grid by conducting various risk analyses and case studies. Furthermore, the study addressed possible difficulties associated with the smart grid. The issue with smart grids is that they connect disparate devices over huge networks spanning many geographical locations. Therefore, the primary issue becomes protecting this equipment from the larger infrastructure. By enabling the sharing and encryption of data, blockchain technology may be beneficial for addressing security concerns posed by malicious nodes or hackers [81]. Additionally, it may be used to authenticate identities and give access to transactions by storing and documenting them in an integrated database, as well as enabling smooth and cost-effective data transfers across scattered devices. According to [82], computer network protocols must be updated to reflect the present state of communication and to incorporate modern encryption technologies and security countermeasures. As a result, protection against emerging cyber threats is provided.
Numerous difficulties arise from the many attacks on the security of smart grid systems, as the smart grid's safety requirements and objectives are dispersed across large areas [83]. Due to the critical importance of power infrastructure and the socioeconomic impact of blackouts, the smart grid may be a primary target of cyber terrorism [83,84]. Cyber defense solutions should be used to safeguard all components of smart grid systems. Defensive solutions should incorporate a variety of defense technologies, including machine learning [85], proactive IDS/IPS systems, wireless controlled propagation, authorization, authentication, and certification [83,84]. The solutions should incorporate scalable, resilient, and adaptive cybersecurity/defense approaches for intelligent grid operations that do not jeopardize genuine smart grid operations.

Conclusions
Risks are inherent in innovation, and the move from a conventional to a smart grid adds another layer of complexity. In addition to maintaining and developing a strong physical architecture for the smart grid, it is exceedingly challenging to build, operate, and maintain the communication network architecture. This study performed a deep analysis of the smart grid communication network and an in-depth review of the potential cyberattacks and their mitigation techniques.
No attack is insignificant; even the tiniest strike might result in disastrous consequences. A solution was presented to build a robust smart grid network by securing customers, the smart grid's communication network, and its employees, as we believe not only that the communication network is vulnerable to cyberattacks, but also that the people who use or manage it are equally vulnerable and can become an easy target of the attacker if they do not properly handle the attacks.