A Survey on IoT-Enabled Smart Grids: Emerging, Applications, Challenges, and Outlook

: Swift population growth and rising demand for energy in the 21st century have resulted in considerable efforts to make the electrical grid more intelligent and responsive to accommodate consumers’ needs better while enhancing the reliability and efﬁciency of modern power systems. Internet of Things (IoT) has appeared as one of the enabling technologies for smart energy grids by delivering abundant cutting-edge solutions in various domains, including critical infrastructures. As IoT-enabled devices continue to ﬂourish, one of the major challenges is security issues, since IoT devices are connected through the Internet, thus making the smart grids vulnerable to a diverse range of cyberattacks. Given the possible cascading consequences of shutting down a power system, a cyberattack on a smart grid would have disastrous implications for the stability of all grid-connected infrastructures. Most of the gadgets in our homes, workplaces, hospitals, and on trains require electricity to run. Therefore, the entire grid is subject to cyberattacks when a single device is hacked. Such attacks on power supplies may bring entire cities to a standstill, resulting in massive economic losses. As a result, security is an important element to address before the large-scale deployment of IoT-based devices in energy systems. In this report, ﬁrst, we review the architecture and infrastructure of IoT-enabled smart grids; then, we focus on major challenges and security issues regarding their implementation. Lastly, as the main outcome of this study, we highlight the advanced solutions and technologies that can help IoT-enabled smart grids be more resilient and secure in overcoming existing cyber and physical attacks. In this regard, in the future, the broad implementation of cutting-edge secure and data transmission systems based on blockchain techniques is necessary to safeguard the entire electrical grid against cyber-physical adversaries.


Emerging Smart Grids
With the expansion of cities and proliferation of the population, the need for a flexible and intelligent type of electrical grid that could accommodate the diverse demand of different customers has increased. In 2007, the National Institute of Standards and Technology (NIST) proposed a framework for the future electrical grid to guarantee the reliable, scalable, secure, interoperable, and manageable operation of electrical grids while being cost-effective [1]. Figure 1 shows the evolution of electrical grids toward the future grid, known as the smart grid system.
In a smart grid system, renewable energy resources such as wind, solar, and power storage units are integrated into the grid system. These new power generation technologies, which may be smaller, more widely distributed, and more ecologically friendly, could In a smart grid system, renewable energy resources such as wind, solar, and power storage units are integrated into the grid system. These new power generation technologies, which may be smaller, more widely distributed, and more ecologically friendly, could preserve grid resilience and disperse overload centers [2]. The smart grid employs a widespread sensor network supported by a two-way communication system for constant monitoring of the grid status. The bidirectional communication network allows the exchange of measurement data and control signals between grid entities, improving the grid and user asset monitoring and management. Moreover, to process the collected data within the required time frames, the smart grid should be supported by sufficient computational resources. The control and monitoring are conducted in a more distributed way, as the volume of the collected data is enormous, and the sensors are dispersed across the entire grid.
As a result of such capabilities, the smart grid can manage the supply-demand balance of energy more effectively, securely, and reliably. Moreover, the smart grid can be considered an enabler for the realization of smart homes and electric transportation, providing a platform for customers' participation with utility companies and helping reduce carbon emissions. The merits of smart grids in comparison to traditional electrical grids are presented in Table 1 [3,4]. However, these advantages would be obtained at the cost of increasing the grid's complexity and infrastructure, which demands an ongoing effort to overcome challenges using emerging technologies and solutions [5,6]. Evolution of electrical grids-from traditional grids to smart grids [2].
As a result of such capabilities, the smart grid can manage the supply-demand balance of energy more effectively, securely, and reliably. Moreover, the smart grid can be considered an enabler for the realization of smart homes and electric transportation, providing a platform for customers' participation with utility companies and helping reduce carbon emissions. The merits of smart grids in comparison to traditional electrical grids are presented in Table 1 [3,4]. However, these advantages would be obtained at the cost of increasing the grid's complexity and infrastructure, which demands an ongoing effort to overcome challenges using emerging technologies and solutions [5,6].

•
Localized and large-scale power outages. • Significant business loss to the utilities and electricity markets. • Social security threats to customers by publicizing their information. • Manipulation of energy consumption records.

•
Interrupting the process of transactive energy systems. To counterattack the aforementioned challenges, several technologies, such as machine learning methods, artificial intelligence (AI), blockchain, and multifactor authentication systems, have been developed [17].

Motivational Factors and Contributions
The latest improvements in IoT-enabled smart grids and energy systems inspired this survey. The IoT offers the structure and protocols for the smart system's sensing, actuation, communication, and processing technologies. Moreover, the fast growth of technology in several IoT industries has created new prospects for developing smart grids smoothly. This paper will aid potential researchers, industrial experts, and stakeholders in comprehending the architecture of an IoT-enabled smart grid system. It will also familiarize readers with different applications of IoT technologies, security vulnerabilities, and mitigation strategies to maintain the safe operation of smart energy systems. In this regard, the key contributions of the study are as follows: • The concept of an IoT-enabled smart grid and recent practical advances are investigated, especially the application, challenges, and opportunities of communication technologies in modern power systems.

•
The study examines the use of 5G-based IoT technologies for smart grids, considering the technology's fast data transfer speed for remote control, strong security for preserving customer privacy, and high dependability for guaranteeing smart grid efficacy. • This study investigated and classified energy grid IoT security vulnerabilities, and it also included mitigating strategies. We concentrated on how a cyber adversary might take advantage of vulnerabilities in IoT systems and conduct malicious attacks that could jeopardize the security of the IoT energy system. Energy theft in smart meter data, injection attacks in IoT home automation systems, denial-of-service attacks on IoT data analytics, manipulation attacks on transactive energy systems and the electricity market, etc., are only a few of the threats that have been researched. Potential lightweight intrusion-detection technologies for IoT systems and prospective solutions to mitigate threat and device-level vulnerabilities have also been studied. Although they were not given much attention in the past, these issues will soon rank among the most important. Moreover, it is significant to mention that, to our knowledge, no study has ever conducted such a precise survey on the cybersecurity architecture of IoT-enabled smart grids.

•
The study covered the potential for end-users of distributed ledger systems based on blockchain. The protection of data privacy during peer-to-peer energy trade and information exchange was also underlined. To examine the potential prospects and applications in an IoT context, emerging machine learning methods for IoT-enabled energy systems were also explored. • A detailed future work recommendation is made to achieve the application of 5Gbased IoT devices and their security protection equipment and software to smart grids. Future research also recommends several approaches to improve the effectiveness and dependability of IoT-enabled smart grids, including ubiquitous data acquisition, data visualization, real-time state awareness, intelligent distribution networks, precise load control, edge computing, network security, and new business models.
It is important to mention that, to further demonstrate this study's novel contributions, a comparison table is provided in the Appendix A as Table A1.

Paper Organization
The organization of this paper is as follows: Section 2 briefly explains the motivations behind the implementation of IoT-enabled smart grids, followed by the IoT technologies, architecture, and protocols, which are briefly described in Section 3. The applications and security aspects (including challenges and solutions) of IoT-enabled smart grids through several examples are presented in Sections 4 and 5, respectively. Ultimately, Section 6 provides conclusions on the findings of this survey.

Motivation behind Implementation of IoT-Enabled Smart Grids
The key features of IoT technology are depicted in Figure 2, showing its potential to provide an excellent solution to recent issues of transitioning a traditional electrical grid into a modernized smart grid. The adoption of IoT technology is growing in popularity for current smart grid applications in residential and commercial structures. The use of sensors and smart metering in a smart power grid would allow for more efficient operation at all levels of power generation, transmission, and distribution, resolving most of the industry's problems. It also has a smart option for real-time monitoring of power flow throughout the electrical grid [18]. The IoT, backed up by big data analysis, may help with critical power-source and end-user demand decisions [19]. On the same grounds, real-time insight analysis may influence the creation of new rules by policymakers and power-generating service providers to readily react to market fluctuations, which requires establishing a mechanism to raise or reduce output to increase energy efficiency. Furthermore, these technologies enable the effective analysis of the acquired data for future state estimation purposes. Furthermore, customers would be able to monitor real-time energy pricing and properly limit their power usage with the aid of mobile devices that are equipped with IoT technology [20].

Clearing the Confusion-IOE, IoT, and IoE
Before the commencement of this survey, it is necessary to clarify three terminologies that are frequently used in the literature: (1) Internet-of-Everything (IOE), (2) Internet-of-Things (IoT), and (3) Internet-of-Energy (IoE). The IOE, as shown in Figure 3, expresses a broad range of meanings, including the IoT. Nevertheless, the IoT and IoE have been used interchangeably on many occasions to convey similar conceptual ideas, yet hold their differences in terms of field applications. The IoE has a five-layered architecture with respect to its functionality: (1) infrastructure layer, (2) networking of energy internet, (3) energy router, (4) smart energy management system, and (5) smart terminals [23][24][25]. This study focuses on the IoT, which aids the efficient management of energy systems. Several functionalities that IoT-enabled smart grids can achieve are listed below [21,22]: • Self-healing capability enables grid operators to intelligently detect the exact location of faults while assessing their impacts on the entire grid and responding promptly. • Large-scale integration of renewable energy resources. • Further implementation of state estimation devices, phasor measurement units (PMUs), and smart devices (AI-enabled devices) to enhance the power quality, coordination monitoring, and resilience of smart grids.

•
Providing an interactive platform for utility and consumers to exchange information instantly. Moreover, consumers would have control over their energy use and tariff selection based on the time-of-use (ToU).

•
Providing operational and managerial services for real-time charging, such as vehicleto-grid, vehicle-to-home, and home-to-grid (prosumers) solutions and easing additional growth of electrification levels. Before the commencement of this survey, it is necessary to clarify three terminologies that are frequently used in the literature: (1) Internet-of-Everything (IOE), (2) Internet-of-Things (IoT), and (3) Internet-of-Energy (IoE). The IOE, as shown in Figure 3, expresses a broad range of meanings, including the IoT. Nevertheless, the IoT and IoE have been used interchangeably on many occasions to convey similar conceptual ideas, yet hold their differences in terms of field applications. The IoE has a five-layered architecture with respect to its functionality: (1) infrastructure layer, (2) networking of energy internet, (3) energy router, (4) smart energy management system, and (5) smart terminals [23][24][25]. This study focuses on the IoT, which aids the efficient management of energy systems.

Clearing the Confusion-IOE, IoT, and IoE
Before the commencement of this survey, it is necessary to clarify three terminologies that are frequently used in the literature: (1) Internet-of-Everything (IOE), (2) Internet-of-Things (IoT), and (3) Internet-of-Energy (IoE). The IOE, as shown in Figure 3, expresses a broad range of meanings, including the IoT. Nevertheless, the IoT and IoE have been used interchangeably on many occasions to convey similar conceptual ideas, yet hold their differences in terms of field applications. The IoE has a five-layered architecture with respect to its functionality: (1) infrastructure layer, (2) networking of energy internet, (3) energy router, (4) smart energy management system, and (5) smart terminals [23][24][25]. This study focuses on the IoT, which aids the efficient management of energy systems.

IoT Layered Slicing
The design of IoT-based systems is completely reliant on the operation of the associated components through the utilization of a variety of technologies in different locations. The architecture is often recognized based on a layer-by-layer articulation where each layer is assigned to a specific task that it must accomplish [26]. Figure 4 shows a four-layered design applicable to the integration of the IoT with the smart power grid, which is more important in terms of the IoT application and compliance with energy system regulations [27].
The four-layered IoT-enabled smart grid design includes [28]: (1) Physical layer: The physical layer is the foundation of the architecture of the IoTenabled smart grid and includes the grid's physical facilities and executors. All distributed and decision-making instructions are carried out at this layer to provide the system's desired functionality. Additionally, the bidirectional energy flow between power generation, transmission, distribution, and customers happens inside this layer. (2) Communication network layer: The key layer of the IoT-enabled smart grid architecture is the communication network layer, which serves as a link between the lower physical and upper cyber layers. It covers the general activities of the information network, such as the interaction between electrical facilities and heterogeneous components and transferring the higher layer's control instructions and the lower layer's collected data. (3) Cyber layer: The cyber layer, or more accurately, the decision-making layer, is the core of the portrayed architecture, which comprises a cloud-based central processing mechanism and distributed computing intelligence to optimize both computing and control techniques. This decision-making layer serves as the system's executive brain, providing a human-computer interface to the top layer to enable it to coordinate all lower levels by developing and issuing suitable orders. (4) Application layer: The highest level of decision-making layer is the application layer, also known as the management and control layer, which encompasses service providers, markets, and operations. To conduct power generation and consumption in the physical world, decision-makers analyze all concerns from the economic, social, and environmental viewpoints by considering market regulation, pricing, and incentive measures. The optimum operations are carried out based on two-way information and value flows between markets and service providers, which is a distinguishing feature of this layer. The design of IoT-based systems is completely reliant on the operation of the associated components through the utilization of a variety of technologies in different locations. The architecture is often recognized based on a layer-by-layer articulation where each layer is assigned to a specific task that it must accomplish [26]. Figure 4 shows a fourlayered design applicable to the integration of the IoT with the smart power grid, which is more important in terms of the IoT application and compliance with energy system regulations [27]. The four-layered IoT-enabled smart grid design includes [28]: (1) Physical layer: The physical layer is the foundation of the architecture of the IoTenabled smart grid and includes the grid's physical facilities and executors. All distributed and decision-making instructions are carried out at this layer to provide the system's desired functionality. Additionally, the bidirectional energy flow between power generation, transmission, distribution, and customers happens inside this layer. (2) Communication network layer: The key layer of the IoT-enabled smart grid architecture is the communication network layer, which serves as a link between the lower physical and upper cyber layers. It covers the general activities of the information

IoTs, from the Perspective of Information and Communications Technology
The four enablers of information and communications technologies (ICTs) in the IoT-based smart grid architecture are cloud computing, communication network, edge computing, and physical entities [27]. Each of these components is explicitly defined below [29,30]: (1) Cloud computing: Cloud computing can handle big data's networking, storage, and computational needs and offers extensive application services. Cloud computing, with the help of virtualization technology, can combine hardware and software resources from several geographical areas to establish a virtual platform with powerful storage and processing capabilities. It is important to emphasize that cloud computing is critical for enabling common, suitable, and on-demand network access to a distributed group of configurable computing resources, which can be automatically provisioned and released with minimal effort on the part of service providers. The term "cloud" is often used to characterize data centers that are scattered across several geographic areas and can be made available to many customers over the Internet. Cloud computing allows large data storage and extremely dependable, scalable, and autonomous processing. Cloud services are used to aggregate data and information from various elements, such as sensors, appliances, and other devices. They also process and analyze the collected data and provide the results to consumers and service providers for more insights. Different features of cloud computing are shown in Figure 5 [31]. (2) Communication network: Communication networks consist of data transmission links between the physical and cyber layers that connect user terminals, edge devices, and cloud computing resources to build the smart grid's omnipresent information network. Since each electrical service has unique communication, computation, and storage requirements, establishing specialized physical facilities for different types of applications in the IoT-enabled smart grid architecture is costly and may undermine grid connectivity and interoperability [32]. Therefore, the precise selection of communication technologies is an essential aspect of IoT-enabled smart energy grids. Tables 2 and 3 classify and compare the widely used wired and wireless communication network technologies in smart grid systems [33][34][35][36][37]. (3) Edge computing: Edge computing refers to the deployment of distributed intelligent agents at the edges of the network and closer to IoT-enabled devices to provide computation, storage, and application services near data sources. Although cloud computing can provide the required computational capabilities to the smart grid, the central cloud is located at a large distance from the data source, resulting in lengthy latency. However, many electricity applications and services could benefit from offloading computational and storage tasks to the proximity of IoT-enabled devices, which results in much lower service response latency and a reduction in communication overhead and traffic load to the central network, and an improvement in context-awareness. The offloading of computational tasks to the embedded resources available on IoT devices is known as edge computing. However, for some applications, the computational power in embedded devices is not sufficient, and the latency of the cloud is intolerable, which brings in the necessity for a processing layer between the network's edges and the cloud, known as the fog server. Nevertheless, the computational capacity of fog servers is far less than that of cloud servers. To overcome this limitation, the architectural standard of multi-access edge computing (MEC) has been proposed for IoT applications, aiming to move cloud resources to the edge of a network. The edge computing classifications are depicted in Figure 6 [38,39]. Peak-load shifting and real-time load-demand balancing to provide optimal options for power generation scheduling are examples of using edge computing proposed in smart grid applications [40]. (4) Physical entities: The term "physical entities" refers to different electrical components of the power grid, spread across the power grid as basic components of the power system, conducting distributed sensing, and acting. In the IoT-enable smart grid, physical entities could benefit from AI methods to gain the ability to learn from their experiences and environments, react to new inputs and execute human-like activities. Moreover, through device-to-device (D2D) communication, neighboring entities can create direct communication among themselves, without using a third party, to exchange information directly [41]. (4) Physical entities: The term "physical entities" refers to different electrical compo-nents of the power grid, spread across the power grid as basic components of the power system, conducting distributed sensing, and acting. In the IoT-enable smart grid, physical entities could benefit from AI methods to gain the ability to learn from their experiences and environments, react to new inputs and execute human-like activities. Moreover, through device-to-device (D2D) communication, neighboring entities can create direct communication among themselves, without using a third party, to exchange information directly [41].

Operating Software for IoT Devices
The IoT consists of gateway nodes and end devices connected by various communication methods and controlled by microcontroller units (MCUs). The end devices in an IoT architecture take different forms, such as sensors, actuators, and switches, which can often execute a restricted range of actions. End-devices are usually compact, featuring a resource-constrained MCU (RAM, ROM, and energy), and can communicate via short-

Operating Software for IoT Devices
The IoT consists of gateway nodes and end devices connected by various communication methods and controlled by microcontroller units (MCUs). The end devices in an IoT architecture take different forms, such as sensors, actuators, and switches, which can often execute a restricted range of actions. End-devices are usually compact, featuring a resource-constrained MCU (RAM, ROM, and energy), and can communicate via shortrange low-power communication protocols [42]. The MCU firmware plays a vital part in IoT operations. It is now possible to install firmware that can perform more on the device itself and receive automatic security updates (OTA). This firmware can be a whole operating system (OS) that enhances the device's functionality and security. Because the resources of these end devices are still restricted, data must be gathered and transferred in real-time, with no buffering. These operating systems are referred to as real-time operating systems (RTOS). The usage of an RTOS also allows a programmer or system integrator to be more productive, as the OS provides access to the majority of low-level tasks [43].
Gateway devices, which operate as a bridge between various IoT devices, support communication protocols and have a greater capacity to capture and analyze data. When cloud services are part of a design, gateway devices, which reside at the junction between the external Internet and the internal local Intranet, are also known as edge gateways. Gateway devices require an operating system that can handle a variety of communications. They must also be secure and resistant to external cyberattacks. Unlike end devices, gateway devices typically provide a user interface for controlling various aspects of the network or visualizing data [43].

Standards and Protocols for IoT Technologies
The physical or data collection layer's standard is determined by the devices utilized in that layer. Since there are so many different types of sensors and device makers, international organizations such as the ISO, IEC, and IEEE have developed a multitude of standards. For instance, the following ISO standards are used for different RFID applications [4,[44][45][46]

Applications of IoT Technologies in Smart Energy Grids
Efficient management of the power generation sector, SCADA-connected transmission network, AMI in the distribution systems, emission gases monitoring, smart home, and building systems, and many other areas of energy systems have prospective uses for IoT technologies. As a cutting-edge IoT solution, fog computing opens a world of possibilities for improving and managing the SCADA-connected transmission network. Most smart home appliances have been completely automated in the past few years thanks to IoT technologies. In this section, several solutions for smart grid applications that have been facilitated based on IoT technology are discussed.

Fog-Based Energy Grids through the Utilization of SCADA
SCADA systems are critical for regulating and monitoring electrical energy generation, transmission, and distribution. The SCADA system collects data and information from the energy systems, and oversees automation procedures to manage and regulate various system parameters to ensure that the operation continues smoothly. In recent years, with further accessibility of IoT solutions, such as fog computing, the operation of the SCADA system has become more efficient [47]. The architecture of a fog-based SCADA system for the energy grid is given in Table 4 [48].

AMI-Connected Distribution Networks
AMI is an architecture for bidirectional, planned communication between customers' IP-based smart meters and the service provider. The goal of an AMI is to keep utility service providers informed about the real-time power consumption of power users. It is anticipated that, within the next 5 years, users should be able to make energy-efficient decisions based on real-time tariffs provided by the AMI system [49]. Through effective smart meter connections, IoT-based AMI offers considerable potential for optimizing and regulating the energy use of customers. AMI can be connected to a variety of appliances such as lights, fans, dishwashers, switches, power outlets, and geysers to collect and transfer real-time data to utility providers to support optimal energy management [50]. Figure 7 depicts different integration layers of IoT devices and their protocols in distribution networks [26].

IoT for Smart Meters
IoT technologies aid smart meters in managing homes, cities, and grids intelligently by collecting consumers' energy consumption in real time and transferring them to utility service providers for the optimal management of energy grids. Smart meters can be used to monitor the state of different parameters such as voltage readings, current readings, temperature, moisture status, and the capacity to alter those parameters, as well as energy usage, remotely [51]. Table 5 presents the advantages and disadvantages of using IoTenabled smart meters [52][53][54].
sions based on real-time tariffs provided by the AMI system [49]. Through effective smart meter connections, IoT-based AMI offers considerable potential for optimizing and regulating the energy use of customers. AMI can be connected to a variety of appliances such as lights, fans, dishwashers, switches, power outlets, and geysers to collect and transfer real-time data to utility providers to support optimal energy management [50]. Figure 7 depicts different integration layers of IoT devices and their protocols in distribution networks [26].

IoT for Smart Meters
IoT technologies aid smart meters in managing homes, cities, and grids intelligently by collecting consumers' energy consumption in real time and transferring them to utility service providers for the optimal management of energy grids. Smart meters can be used to monitor the state of different parameters such as voltage readings, current readings,  According to a conducted survey in the UK, 80% of customers indicated that they are happy with smart meters' functionality [55] Awareness of deals This option includes personalized tariffs tailored to a home's specific energy needs and use

Disadvantages
Requires proactive use for savings Smart meters do not automatically save you money. Customers must actively engage with the meter and adjust their behavior in response to its data, or their bills will not decrease Smart meters may lose functionality after switching The majority of smart meters now in use are first-generation devices that frequently "go dumb" or lose functionality once customers switch energy providers Not available to some consumers on prepayment and time-of-use tariffs Smart meters are technically available for houses on prepayment and time-of-use tariffs, and while they can make these tariffs easier to monitor and save money with, their use is restricted Privacy concerns for some customers Unfortunately, cyber-physical attacks through the breach of information and privacy are increasing day by day

Application of 5G in IoT-Based Demand Response Programs (DRPs)
Demand response programs (DRPs) are defined as a shift in customers' electrical consumption patterns from their usual patterns in response to a variety of factors, such as price changes during a specific period of operation, receiving incentivized payments from power market operators to reduce their electricity usage during high prices, or when system reliability is threatened due to unpredicted contingency events [56]. In general, 5G-based IoT devices are expected to play a significant role in regulating demand response in future energy networks. Since most of the recently integrated IoT devices are cloudbased platform types of devices, software applications operating on the cloud platform can make data integration and exchange easier [57,58]. Furthermore, the IoE framework allows prosumers and utilities to independently coordinate supply and demand with the help of sophisticated forecasting algorithms that utilize weather predictions, anticipated traffic patterns, and other intelligent aspects of IoT-based energy systems [59]. To further investigate the 5G networks' applications for enhancing the demand response programs in smart energy grids, they are summarized in Table 6 [60,61].

General Definitions, Framework, and Guidelines
The energy grid systems have become more intelligent and interactive with the widespread use of IoT-based technologies, which improves the system's consistency, efficiency, and adaptability. Cybersecurity vulnerabilities, on the other hand, are becoming increasingly common. Thus, this section will discuss the security issues in IoT-connected smart energy systems and their corresponding mitigation strategies. Figure 8 portrays the general paradigm of cyber-physical security in smart energy grids [62]. Five significant causes make the smart grids vulnerable to cyberattacks [63]: (1) Ever-increasing development of intelligent electronic devices (IEDs): The number of attack sites grows in lockstep with the number of devices in the network. Even if a single point's security is breached, the entire network system is affected. (2) Unregulated installation of third-party components: Experts advise against using third-party components because they make the network more vulnerable to hacking. These devices might be infected with Trojans, which could then spread to other network devices. (3) Insufficient personal training: To use any technology, appropriate training is required.
When employees are not properly trained, they are more likely to fall prey to phishing scams. (4) Insecure Internet protocols: In terms of data transfer, not all protocols are secure.
Unencrypted data transport is used by several protocols. As a result, they are easy targets for man-in-the-middle attacks that extract data. (5) Maintenance: The primary objective of maintenance is to keep things running smoothly.
It can also be used as a vector for cyberattacks. Operators frequently deactivate a security system during maintenance to undertake tests. (5) Maintenance: The primary objective of maintenance is to keep things running smoothly. It can also be used as a vector for cyberattacks. Operators frequently deactivate a security system during maintenance to undertake tests. The abovementioned five causes may compromise one of the five main goals of the cybersecurity framework in smart grids [64][65][66]: (1) Authentication: The ability to verify the identity of any smart grid communication device. For example, to bill the relevant user, the energy provider must validate each smart meter. (2) Authorization: Ensures that an authenticated person or an object is authorized to accomplish certain tasks or has been granted the necessary privileges to access a certain category of resources. For example, an agent requires authorization to access and conduct manual configuration on a smart meter. (3) Availability: Ensures that when a user needs some resources and/or data, they are always available for usage. (4) Confidentiality: Guarantees that only the intended recipients have access to data that have been stored or transmitted. For example, only smart grid operators and energy providers should be aware of the end users' consumption patterns and data. (5) Integrity: Certifies that received data have not been tampered with in any manner.
For example, smart meters must ensure the integrity of software updates as well as The abovementioned five causes may compromise one of the five main goals of the cybersecurity framework in smart grids [64][65][66]: (1) Authentication: The ability to verify the identity of any smart grid communication device. For example, to bill the relevant user, the energy provider must validate each smart meter. (2) Authorization: Ensures that an authenticated person or an object is authorized to accomplish certain tasks or has been granted the necessary privileges to access a certain category of resources. For example, an agent requires authorization to access and conduct manual configuration on a smart meter. (3) Availability: Ensures that when a user needs some resources and/or data, they are always available for usage.
(4) Confidentiality: Guarantees that only the intended recipients have access to data that have been stored or transmitted. For example, only smart grid operators and energy providers should be aware of the end users' consumption patterns and data. (5) Integrity: Certifies that received data have not been tampered with in any manner.
For example, smart meters must ensure the integrity of software updates as well as the source origin.
A framework for improving smart grid cybersecurity was established by the NIST, which suggests 14 requirements for smart grids to safeguard themselves against different types of cyber-physical attacks: (1) Staff awareness training.
(2) Access control and configuration management.

Historical Cybersecurity Attacks (in the Context of IoT-Enabled Smart Grids)
To better comprehend the risks posed by cyberattacks on the critical infrastructure of electrical grids, in this section, we will discuss a number of significant instances of cyberattacks around the globe [67].

Tram Hack Lodz, Poland (2008)
A tram system was hacked in Lodz city and escalated to the point where a dozen passengers were severely injured. This was the first cyber-kinetic attack that resulted in human injury.

Texas Power Company (2009)
An employee of Texas power company (TPC) who had recently been dismissed hacked the company's network to disable power forecasting systems. They took advantage of logins that had not yet been deactivated.

Iran Nuclear Facility Attack (2010)
Stuxnet was created to disrupt and destroy Iran's nuclear program, but it also demonstrated that it has the capability to do considerable physical damage to vital infrastructures by focusing on computer controllers and SCADA systems that oversee industrial equipment [68].

Bowman Avenue Dam Cyberattack (2013)
Hackers were able to acquire control of the floodgates of the Bowman Avenue Dam in New York. Investigations revealed that they could have simply modified water flow parameters or even the quantity of chemicals used in water treatment to lead to devastating consequences. It would have had disastrous implications if this had happened.

Ukraine Power Grid Attack (2015)
Cyberattacks on the energy sector are rising, posing a growing danger to the reliability and safety of smart grids. The successful strikes on Ukraine's electrical grid in 2015 demonstrate this threat. Attackers obtained access to distribution grid operator consoles and remotely closed breakers on several occasions, causing local blackouts. The attack shut down 30 substations, affecting about 230,000 people. In similar incidents, attackers might compromise communications channels and change data, or they could flood the highly connected network with data traffic, limiting operators' ability to monitor and operate the grid [69].

Dyn Distributed Denial-of-Service (DDoS) Cyberattack (2016)
Dyn, an internet service provider, was hit by a cyberattack that brought down large areas of the Internet in the United States of America (USA) and interrupted access to famous websites. The hackers carried out widespread denial-of-service assaults. The DDoS attack took control of the Mirai botnet, which scours the Internet for inadequately protected IoT devices with factory default usernames and passwords. They then took control of a large number of unsecured IoT devices and used them to make requests to Dyn servers for services. The site was swamped by fake traffic, which caused it to crash.

Attack on the Smart Building Facilities in Lappeenranta, Finland (2016)
During the middle of the Finland winter in the city of Lappeenranta, a targeted DDoS attack shut off the heat and hot water systems in two apartment complexes.

Cyberattack on the UK Electrical Grid (2017)
A power infrastructure that distributes electricity to the United Kingdom and Ireland was targeted in July 2017. The cyberattack was aimed at penetrating power management systems, allowing them to shut down a section of the energy grid. It was accomplished with the help of several falsified emails sent to senior executives at the power business.

Cyberattack at the Petrochemical Plant in Saudi Arabia (2017)
A failed cyberattack on a Saudi Arabian petrochemical factory was meant to not only impair the plant's operations but also produce an explosion that could have killed people. Fortunately, a glitch in the attackers' computer programming stopped the explosion from taking place.

Main Cyberattack Strategies in IoT-Enabled Smart Grids
Cyber adversaries utilize four key access and control methods to target devices: scanning, surveillance, maintenance, and manipulation. During the first step, reconnaissance, the attacker collects and acquires information about their target. They seek to discover the system's weaknesses in the second step. These moves are intended to help understand and recognize the services available and running on the open ports and the hosting device characteristics (e.g., operating system, manufacturer). During the target exploitation time, they aim to gain concession control over the entire system. After gaining target administrator access, the final step must be completed so that access may be maintained indefinitely. This is accomplished by installing a covert and undetectable application that allows them to quickly return to the target system. Security requirements are a concession in the smart grid, as attackers take the same procedures. At each stage, they use a variety of tactics to breach a specific system [17,70]. Figure 9 demonstrates a stepwise procedure of cyberattacks during the exploitation of cyber adversaries [71], where Table 7 presents how each type of attack can compromise system security [63,72]. Figure 10 vividly shows how cyber attackers can breach systems' security [73].

Attack Category Security Goals Description References
Flooding attack Availability Deterring users from utilizing resources [74,75] Denial of service Availability Stop serving of user's request [76] Jamming channel Availability Jamming the network [77,78] Buffer overflow Availability and confidentiality Overwriting the memory of the buffer [79] False data injection (FDI) Integrity Tampering the real data [80,81] Social engineering Integrity and confidentiality Attacking humans instead of machines or networks [82,83] MITM Confidentiality Extracting packet information between sender and receiver [63,84] Packet sniffing Confidentiality Analyzing the packet [85] Session hijacking Integrity and confidentiality Obstructing the user from resources for a particular amount of time [86] Data manipulation Integrity Data tampering [87] Replay attack Integrity Send data continuously [88,89]

Reconnaissance Definition and Strategies
The reconnaissance procedure includes attacks such as traffic analysis and social engineering. In social engineering, instead of focusing on technology abilities, the focus is on the human connection and social engineering that revolves around it. Persuasion and communication gain are used by an attacker to earn the user's trust in order to access private and credential information, such as PINs or passwords to log in to the server [82]. Password and phishing attempts, for example, have become commonplace in social engineering. The traffic analysis monitors and analyzes network traffic to determine which machines and hosts connect to the network, obtaining their IP addresses. Social engineering and traffic analysis are the main threats to information security [85,90].

Scanning Strategies
The scanning is the next step in detecting all the available network machines and hosts. IP addresses, ports, utilities, and security issues are all factors to consider while scanning. An intruder would normally start identifying the network by scanning the hosts connected to their newly acquired IP addresses. Then, they examine each port to establish which ones are available. This scan is performed on any found host network. The attacker then runs a service scan to see what service or device is running behind each open port [91]. Vulnerability scanning is the final stage, which identifies defects, goals, and vulnerabilities associated with each service system on the target devices to be attacked at a later stage. Modbus and DNP3 are two industrial protocols that are vulnerable to scan attacks. Instead of utilizing the scanning Modbus network approach, TCP/Modbus was created to safeguard it. The attack involves delivering an innocuous message to all networked

Reconnaissance Definition and Strategies
The reconnaissance procedure includes attacks such as traffic analysis and social engineering. In social engineering, instead of focusing on technology abilities, the focus is on the human connection and social engineering that revolves around it. Persuasion and communication gain are used by an attacker to earn the user's trust in order to access private and credential information, such as PINs or passwords to log in to the server [82]. Password and phishing attempts, for example, have become commonplace in social engineering. The traffic analysis monitors and analyzes network traffic to determine which machines and hosts connect to the network, obtaining their IP addresses. Social engineering and traffic analysis are the main threats to information security [85,90].

Scanning Strategies
The scanning is the next step in detecting all the available network machines and hosts. IP addresses, ports, utilities, and security issues are all factors to consider while scanning. An intruder would normally start identifying the network by scanning the hosts connected to their newly acquired IP addresses. Then, they examine each port to establish which ones are available. This scan is performed on any found host network. The attacker then runs a service scan to see what service or device is running behind each open port [91]. Vulnerability scanning is the final stage, which identifies defects, goals, and vulnerabilities associated with each service system on the target devices to be attacked at a later stage. Modbus and DNP3 are two industrial protocols that are vulnerable to scan attacks. Instead of utilizing the scanning Modbus network approach, TCP/Modbus was created to safeguard it. The attack involves delivering an innocuous message to all networked computers to capture their data. On the SCADA Modbus network, Mods scan is a well-known scanner that can discover and open TCP/Modbus connections, and identify system IP addresses and slave IDs [92].

Exploitation Strategies
The third step, exploitation, involves hostile operations attempting to acquire control of the IoT-enabled smart energy system components and exploiting vulnerabilities [82]. Viruses, worms, and Trojan horses infecting the human-machine interface (HMI). Privacy violations, channel jamming, integrity breaches, and other assaults, such as denial of service (DOS), man-in-the-middle (MITM), and replay attacks, are all instances of these activities [93,94]. Viruses are programs that infect computers, devices, and/or machines in smart energy systems. A worm is a self-replicating program. It infects the system and other devices by spreading across the network, copying itself, and infecting them. A Trojan horse is computer software that impersonates a beneficial function on the target computer [95,96].

Maintaining Access
In the final step, the attacker utilizes a specific attack to gain permanent access to the target, such as backdoors, infections, and Trojan horses. Undetectable software, such as a backdoor, is installed on the target surreptitiously so that it may be accessed fast and simply [97]. Assume that the attacker has successfully created a backdoor into the SCADA server control: in such a situation, they will be able to launch a series of attacks against the system, having a severe impact on the entire power system. On the IT network, the security requirements are established in order of importance: (1) confidentiality, (2) integrity, and (3) availability [98].

Adverse Impacts of Cyberattacks on Smart Grids
In the following, we will discuss several examples related to the negative impacts of cyberattacks on the safe operation (from economic and stability points of view) of the IoT-enabled smart grids.

Electricity Market Losses
Cyberattacks on smart energy systems have significant potential economic and physical consequences. Even though the current study has focused on cyber technical/physical attacks on smart grids, it is also critical to pay greater attention to cyberattacks in terms of associated economic risks. Smart grids have had severe economic difficulty with cyberattacks, particularly renewable energy resources with a high penetration level. Electricity markets are a mix of real-time and day-ahead trading [99,100]. The day-ahead market is primarily concerned with finding the most cost-effective solution to optimization and load forecasting problems. Since load forecasting is impacted by fake data injection (FDI) cyberattacks in the day-ahead market, the optimization algorithms would be unable to accurately determine the location marginal prices (LMPs) of the grid [101,102]. On the other hand, the real-time market assesses the dispatched power from each generating unit to meet the required load demand of each bus [103,104]. It is also necessary to calculate the power that flows through transmission lines to achieve the congestion pattern and consequently evaluate real-time LMPs. Thus, FDI attacks can impact precise state estimation of the power grids in the real-time electricity markets [105,106].

Power System Stability
The FDI attacks have had major technological and physical consequences for IoTenabled smart grids. In the case of FDI attacks, smart grids must usually deal with steady-state stability and transient effects [107]. The impact of FDI attacks on steady-state stability on voltage control demand current/voltage/power management and energy management of smart grids is very significant [108,109]. Furthermore, the cyberattacks have a negative influence on electrical grid steady-state functioning, whereas the FDI attacks have harmed the dynamic and transient stability of smart grids. FDI can also impact the smart grid frequency control system. However, the goal will be to maintain rotor angle stability [110,111].

Energy Theft
The widespread use of IoT-aided AMI in the smart energy grid allows for the transmission of massive energy data and information in a more reliable, efficient, and effective manner for smart grid system management. It replaced the existing analog meter reading and data gathering system with a digital system. Those massive volumes of acquired data and information are wirelessly transferred for further processing with the help of IoT technology, which significantly reduces labor-intensive operations [112]. In the energy sector, energy theft has become a major cause of concern. Both energy service providers and consumers have suffered significant financial losses because of energy theft. The most basic kind of energy theft is tampering with an energy meter so that it can no longer record real energy use and thereby alter the energy bill. Energy theft usually entails circumventing the energy meter so that energy may be consumed without being recorded for billing purposes [80].

Disruption of Service in Critical and Non-Critical Facilities
Cyberattacks against automation equipment in critical and non-critical facilities can be conducted to achieve the goals listed below [4,113,114]: (1) To gain initial access, for example, via hacking smart lights, to gain Wi-Fi authentication and eventually control of Wi-Fi network devices. (2) To cause an indirect service disruption, for example, by using a thermostat to manage the building's air conditioning system from afar. (3) To obtain and disseminate information. Use an application that hacks smart gadgets, such as smart televisions, to make them act as though they are turned off and then use the microphone to record and leak conversations surrounding them. (4) For system abuse, such as producing light flashing at a certain frequency that might trigger epileptic seizures in individuals. (5) To initiate an intensified attack against critical facilities such as hospitals through a number of targeted smart devices. To deactivate smart home automation systems by targeting a large number of IoT-enabled smart home automation devices in a short amount of time.

Disruption of Transactive Energy Systems
The transactive energy system employs this integrated notion of economic and operational mechanisms to dynamically maintain demand and supply balance across the grid system, hence improving the energy grid's efficiency and reliability. For decision-making and demand response programs, the transactive energy control mechanism is heavily reliant on the cyber system of distributed edge computing and IoT-enabled technologies. This system necessitates a large amount of data to be transmitted across various market processes. Cyberattacks can be performed through the following procedure in order to disrupt the safe operation of transactive energy systems [115,116]: (1) Malware injection in the system can result in a large-scale power outage or data theft.
(2) Cybercriminals can tamper with or damage smart meters for several purposes.
(3) To interrupt the transactive system by manipulating the control signals of the relay and circuit breaker.

Environmental Security
Environmental security is critical in the implementation of smart energy grids because it aids in the control and avoidance of potentially catastrophic effects on infrastructures caused by natural or artificially induced environmental hazards such as floods, tremors, earthquakes, landslides, falling trees, and bushfires. In such circumstances, smart action based on environmental concerns is performed primarily by delivering appropriate threat alerts based on collected data and providing alternate feeders for vital infrastructure. Although this feature of smart grids' security is classified as non-technical in this study, it has both technical and non-technical ramifications in some areas.
The capacity of a system's response to failure, in terms of its ability to restore service (by utilizing an improvised alternate feeder if appropriate) or provide adequate data to enable system operators to restore service, is of the highest importance in smart grids. This is accomplished mostly by automatic switching in the event of outages or failures. Natural catastrophes, harsh temperatures, peak, and fossil oil depletion, global energy market instability, terrorism, sabotage, vandalism, and other similar variables all have adverse impacts on the system's resiliency [117,118]. A geographic information system (GIS) is based on the real-time data that are captured by deployed IoT devices such as smart meters to aid data analytics methods that predict natural disasters and thus have a crucial role in providing timely and accurate environmental threats alerts.

Detection and Mitigation of IoT-Enabled Cyberattacks
Customers (consumers and prosumers), electric utilities, power system operators, and third-party service providers can be assumed to be stakeholders of smart grids. The data administration of smart grids, particularly in terms of smart meters, becomes a demanding task due to the participation of various stakeholders. There are several frameworks that provides guidelines for integrating security and privacy across several domains to enhance the security and privacy protection of all involved entities. Security is divided into three categories by the framework: communication security, secure computing, and system control security. Cryptography, route security, and network privacy are all aspects of communication security [119].
A key goal in the management of communication security is to successfully achieve end-to-end encryption and multiple hop routing that can assure the security of transferred data. In [120], the authors described the major functionalities of smart meters, which includes tracking the quantity of utilized energy as well as voltage and frequency. The implemented smart meters are also in charge of providing data to the grid via a secure communication channel, as well as managing load switches by operators to prevent blackouts in emergency situations. Additionally, this research showed that high-assurance smart meters could be implemented (HASM).
Various techniques have been proposed in the literature to address cybersecurity backgrounds, elements, challenges, and potential solutions for smart energy grids. However, as the complexity of the grid increases with the significant deployment of smart IoT devices, most recent studies have found that the integration of AI techniques is one of the most effective solutions [121][122][123][124][125][126]. According to several research findings, the smart grid is similarly vulnerable to human errors, which can be caused by social engineering attacks [127,128]. Therefore, in this study to investigate the most promising recent methods for safeguarding IoT-enabled smart grids, we have divided these methods into two main categories: non-human-centric and human-centric methods.

Non-Human-Centric Methods
The non-human-centric methods can be categorized into three classes: (1) machinelearning-based methods, (2) cloud-computing-based methods, and (3) blockchain-based methods. In the following, we will briefly discuss each of the mentioned methods.

Machine-Learning-Based Methods
In the smart grid infrastructure, thousands of sensors are deployed. These sensors continually monitor the states of the devices to which they are connected, generating a massive quantity of data in the form of log files or time-series data. The data that are produced by sensors are saved on a cloud server, which must be preprocessed before being sent. Local servers are another option for servers. However, the maximum level of data security is achieved by storing data on a local server. Nevertheless, they constrain the ability of pattern recognition features or forecasts by advanced optimization algorithms [129,130].
In the past few years, machine-learning methods have proved to be effective in detecting cyberattacks. Machine learning identifies intrusions based on past data, as opposed to rule-based techniques. To anticipate power system disruptions, a combination of JRipper and Adaboost was formulated in [131]. The model generated three groups based on the attack data, natural disturbances, and the state of no event. False data injection attack (FDIA) is another popular type of attack that can seriously damage smart energy systems. By tampering with data that are collected from smart meters, FDIA can financially impact utilities and consumers. In [132], a model was analyzed on an IEEE 14-bus test system. The efficiency and performance of the ensemble-based learning (EBL) model were compared with several algorithms such as linear regression (LR), naïve-Bayes (NB), decision tree (DT), and support vector machine (SVM), where the obtained results demonstrated that the unsupervised EBL model outperformed all the other algorithms with accuracy of 73%. In [133], the authors proposed a robust deviation-based detection method to efficiently defend the system against an FDIA. Additionally, an exponential weighting function in combination with a Kalman filter was implemented to retain the original weighted least squares estimator. The experimental results confirmed the efficacy of the proposed detection method against FDIA attacks. In this study, the influence of various attack strengths and noise on detection performance was also investigated. In [134], a deep learning technique based on a conditional deep belief network model was proposed to identify the behavioral characteristics of FDI attacks on a real-time basis. In the presented method, the detection mechanism relaxes the beliefs for the potential attack scenarios and attains high accuracy. Moreover, the formulated optimization model was able to distinguish similar behavior that takes place in the process of energy theft. The performance of the presented method was illustrated through two simulation cases on IEEE 118-bus and IEEE 300-bus test systems, where the scalability of the proposed model was also examined.
Occasionally, a smart grid may be subjected to distributed denial-of-service (DDoS) attacks. DDoS attacks jeopardize the availability of communication servers. The fundamental goal of a DDoS attack is to flood the communication server with false requests, causing it to become unusable for communication. In [135], the authors proposed a DDoS attack detection method based on a multilevel auto-encoder formulation. Multiple levels of shallow and deep auto-encoders were trained in an unsupervised approach which was employed to encode training and test data for feature extraction and generation purposes. In the final stage of the algorithm, a unified detection model was constructed by combining the multilevel features using a kernel learning algorithm. The obtained results of their algorithm showed its functionality by achieving high prediction accuracy where it outperforms all the other compared methods.

Cloud-Computing-Based Methods
In [136], risks and opportunities that cloud computing avails to utility companies and energy suppliers of IoT-enabled smart grids were discussed while considering characteristics of cloud computing that may be able to enhance the system defense capability in dealing with DDoS attacks. An extensive literature review was also conducted to determine which DDoS defense techniques can be employed by means of cloud-computing techniques in the context of smart energy systems. In [137], to ease the inconvenience of working on encrypted data, an attribute-based online/offline searchable encryption scheme was proposed. In the first step, encryption and trapdoor algorithms were divided into two phases. In the second step, both the encryption and attribute control policy were performed in the offline mode. In the next step, the proposed scheme was secured against two attacks: (1) chosen plaintext and (2) chosen keyword attacks. Ultimately, the applicability of the presented method in a cloud-based smart grid was tested. In [138], the authors analyzed a fundamental security problem in the scalable architecture of the smart grid cloud services. They evaluated risks involved in IoT-enabled smart grid security in terms of five distinctive features: (1) policy and organizational risks, (2) general technical risks, (3) SaaS risks, (4) PaaS risks, and (5) IaaS risks. The presented evaluation model was based on deep belief networks, which comprised multiple RBMs and a BP neural network (BPNN). The RBMs were trained by means of a greedy training algorithm, and then BPNN was employed for fine-tuning purposes. Their obtained results found that the mean absolute error (MAE), mean relative error (MRE), and mean square error (MSE) of the proposed model are the lowest in comparison to all the other methods [139].

Blockchain-Based Methods
The integration of blockchain with IoT-enabled smart grids is becoming a complicated key solution for accelerating a broad range of security functionalities in smart energy systems [140]. The current centralized ledger system can be transferred by blockchainbased techniques into a distributed ledger thanks to the existence of public key algorithms. Blockchain methods offer end-to-end encryption technology based on their distributed processing structure that guarantees the safety and reliability of communication [141]. In [142], a blockchain-based security method that facilitates secure and authorized access to smart city resources was presented. The proposed method comprised an authentication and authorization process for constrained environments based on two models: (1) a blockchain model and (2) object security architecture (OSCAR) for the IoT. The blockchain-based method laid out an adaptable and untrustworthy authorization system, while OSCAR used a public ledger to construct multicast classes for authorized customers. Furthermore, a meteor-based application was created to provide a user-friendly interface for heterogeneous smart city technology. Through this application, users were able to interact and operate with smart city resources such as traffic lights, smart energy meters, and security cameras. In [143], a new distributed authentication and authorization protocol for IoT-enabled smart grids based on blockchain-based methods was proposed to address information leaks, illegal access, and identity theft issues. The protocol introduced combined the decentralized authentication and immutable ledger properties of blockchain architectures that are applicable for power systems to achieve both identity authentication and resource authorization for smart energy systems. In [144], a model-based architecture was proposed that considered an interoperable blockchain-based local energy market for consumers and prosumers in a residential microgrid (MG) framework. The research identified 21 organizational, informational, technological, and blockchain needs for a local energy market and its underlying information system using the IoT-enabled smart grid architecture. According to the Landau Microgrid case study, the biggest hurdle was a clear value proposition for key stakeholders, standardization of data exchange, and appropriate physical implementation [145].

Multifactor Authentication
When two successive authentication procedures are combined, the password-breaking algorithm becomes exponentially more complicated. Unauthorized users will have less access to the data because of the multifactor authentication process. Multifactor authentication approaches include SMS token authentication, email token authentication, hardware token authentication, software token authentication, and phone authentication [146].

Employee Training
Hackers are increasingly targeting humans because of technological advancements that have made attacks on smart equipment more complicated. Attackers are using machinelearning technologies to recognize human behaviors and create a variety of scenarios. Thus, employee training plays a critical role in limiting the hackers' success in their malicious intent.

Password Strength
The use of strong passwords minimizes the likelihood of an attack on the integrity or confidentiality of data. Password-guessing attacks are more likely with weak passwords. Password guessing is a method of gaining access to a system by guessing passwords and gaining access to a targeted device. In addition, the attacker consumes network resources and bandwidth to carry out several attacks that consequently limit the access of legitimate users to the resources [147].

Operating System (OS) Protection
Users are one of the weakest links in the context of cybersecurity, and one of the biggest challenges with users is that they cannot be taught in the same way as staff. Thus, smart devices such as smart meters and smart inverters must be protected against cyberattacks. Tamper-proofing the devices' internal operating systems is one of the most effective approaches for protecting devices against cybercriminals [148].

Customers Protection against Third-Party Applications
Customers should always be wary of applications that request authorization. Customers keep sensitive data on their devices, and some third-party apps request more information than they require. Around 98.5 percent of consumers ignore or just sometimes accept the permissions requested by applications without thinking twice. It has been reported that 93.6 percent of users accept the applications' terms and conditions instantaneously or within one minute [149].

Reporting of Malicious Behavior
Customers should be able to readily report any suspected attack on a platform created by utilities. The destruction would grow exponentially as the time gap between the attack and the time of report increases. A delay in reporting an attack jeopardizes not only the privacy of one client but also the privacy of other connected customers in the grid [63].

Conclusions and Future Directions
The Internet of Things (IoT) is the next step toward a worldwide and widespread connection to every communication and computation-enabled device, independent of its access technology, available resources, or geographical location. The smart grid is the largest IoT deployment, with smart devices distributed throughout the energy chain from the generating power plants to the end-users. The IoT will improve existing smart energy grids by facilitating real-time control and monitoring of the grid components. However, in the past decade, as discussed in the literature, cybersecurity has been viewed as one of the major roadblocks to IoT acceptance and further deployment in smart energy grid systems around the world. It is a challenging task to ensure the safety of grid-connected devices, and this is due to the massive number of devices that are connected to the communication networks, which increases the chances of a cyberattack and the potential risks of severe repercussions. It has been predicted that 30.9 billion IoT devices will be deployed around the world by 2025, of which 19% will be installed in the energy sector, which increases the focus of cyberattacks on this sector by 54% [67,150]. In this regard, the extent of the susceptible attack surface will rise dramatically with the further implementation of IoT-enabled devices in the smart grids. To address the abovementioned concerns and challenges, the following recommendations for the improvement of IoT-based smart energy systems are made:

•
The framework and modeling of smart energy grids should be improved, and suitable reconfiguration technologies must be developed for the restoration aspect of electrical grids. • Secure AMI technologies must be widely deployed in combination with advanced cloud and edge-computing facilities and 5G telecommunication technologies to enhance the functionality and security of the smart grids. • Smart grids must be equipped with more secure communication protocols that consider the heterogeneity of IoT devices while enabling the deployment of AI algorithms onto the device itself instead of being controlled from afar to reduce the likelihood of communication breaches.
• Advanced secure and data communication systems based on blockchain methods must be extensively implemented in IoT-based smart energy systems. • Game-theoretic models (specifically for the energy markets), and cognitive and deeplearning methods (for system behavioral modeling and forecasts) must be used effectively for the smooth and reliable operation of electrical grids.

Conflicts of Interest:
The authors declare no conflict of interest.