Review

Cybersecurity of Smart Grids: Requirements, Threats, and Countermeasures

by Edyta Karolina Szczepaniuk 1 and Hubert Szczepaniuk 2,*
1 Polish Air Force University, Dywizjonu 303 Street no. 35, 08-521 Dęblin, Poland
2 Warsaw University of Life Sciences—SGGW, Nowoursynowska 166 St., 02-787 Warsaw, Poland
* Author to whom correspondence should be addressed.
Energies 2025, 18(18), 5017; https://doi.org/10.3390/en18185017
Submission received: 30 August 2025 / Revised: 17 September 2025 / Accepted: 18 September 2025 / Published: 21 September 2025
(This article belongs to the Section A1: Smart Grids and Microgrids)

Abstract

Cybersecurity is a key factor influencing the development of the smart grid paradigm. The integration of information and communication technologies into energy networks introduces new cybersecurity requirements, vulnerabilities, and threats. Typical countermeasures and security measures require optimization and customization for implementation in a distributed and heterogeneous smart grid environment. In this paper, we propose a holistic approach to smart grid cybersecurity by considering information security attributes at the level of requirements, threats, and countermeasures analysis. The results of the conducted review enabled us to develop a holistic cybersecurity framework for smart grids, while also analyzing the challenges and barriers related to security measures, as well as the possibilities for their mitigation.

1. Introduction

Nowadays, the digitalization of the energy sector is one of the key priorities for many countries and international organizations. The goal of digital transformation is to enhance the efficiency and effectiveness of energy services. Moreover, it plays a crucial role in advancing sustainable development, particularly through the integration of renewable energy sources. The implementation of digital technologies in the energy sector aims to ensure system stability, reduce costs, reduce energy demand, focus on customer needs and protect the environment. The use of advanced optimization and control techniques in power systems also increases the reliability and efficiency of equipment use (e.g., [1]). In addition to the benefits mentioned, the use of information and communication technologies (ICT) implies the emergence of many new vulnerabilities and increases the risk of cyber threats.
According to Jasiunas et al. [2], cyberattacks are responsible for a small portion of energy disruptions, but they are a rapidly growing problem and can cause significant damage. Attacks on the energy sector can lead to supply chain disruption, infrastructure destruction, financial losses and negative environmental impacts (e.g., [3]). Security incidents recorded so far have concerned, in particular, disruptions in the power grid, gas pipelines, oil refining plants and nuclear power plants (e.g., [4]). For example, in 2003, the US power system was infected, causing a power outage for 50 million users [5]. In 2010, a cyberattack on an Iranian uranium enrichment facility using the Stuxnet malware resulted in the physical destruction of centrifuges. Another example is the 2021 attack on a US fuel pipeline, which resulted in the shutdown of a critical fuel network and reduced energy supplies (e.g., [4]). According to Heymann et al. [6], cyberattacks carried out in recent years suggest that an increasing number of them are targeting critical energy infrastructure. These threats constitute a small percentage of recorded security incidents, but they illustrate the scale of the threats and their potential impact.
The literature on the subject also includes forecasts and scenarios for the development of cyberattacks on the energy sector. In the era of digital transformation, threats to smart grids, the development of which is one of the priorities of energy policy, deserve particular attention. Alsuwian et al. [7] note that smart grids are the optimal solution to meet the requirements of a modern power system that integrates multiple energy sources or microgrids. Beyond the aforementioned opportunities, ensuring smart grid cybersecurity poses a significant challenge.
Complex infrastructure, the growing number of smart devices, and existing vulnerabilities increase the risk of cyberattacks in the energy sector. Therefore, the cybersecurity of smart grids has become a critical area of research—especially considering the potential for cascading effects in the digital environment, where threats to smart grids may compromise the security of energy systems and, by extension, national security. Moreover, protecting the energy system against cyber threats is an important element of the energy policy of many countries and international organizations (e.g., [8,9,10]). The literature review also showed that many researchers recognize the relevance of the issues raised and recommend continuing research in the area of cybersecurity (e.g., [2,3,11,12]). The outlined context indicates the need to explore the subject of research, which is the cybersecurity of smart energy networks. It is worth noting that the academic literature features review studies on smart grid cybersecurity, offering important findings regarding the current state of research. This article adopts an approach that draws on security studies and computer science to address the attributes of information security. The study was organized around a smart grid layered architecture, in the context of confidentiality, availability, and integrity. This approach made it possible to analyze cybersecurity issues both in relation to individual system layers and in terms of information security attributes. Within the individual information security attributes, cybersecurity requirements were defined, threats were identified, and available security mechanisms and countermeasures were identified. This approach enables a thorough understanding of the nature of cybersecurity requirements and threats at different levels of the smart grid architecture, while also indicating how they can be addressed in a manner consistent with the information security attributes. 
The results of the literature review enabled the development of a holistic smart grid cybersecurity framework. The main contributions of this article include the following:
  • The paper identifies cybersecurity requirements for smart grids, analyzing them in the context of the system’s layered architecture and information security attributes. This approach enables a precise understanding of cybersecurity needs at various system levels, including confidentiality, availability, and integrity.
  • An analysis of cybersecurity threats to the smart grid was conducted with reference to specific information security attributes. The article provides an enhanced understanding of which smart grid components are vulnerable to particular types of cyberattacks, as well as the potential impact these attacks may have on system operation and the violation of information security attributes.
  • We reviewed countermeasures and security mechanisms, categorizing them according to confidentiality, availability, and integrity. The article identifies the most effective solutions for protecting each of the information security attributes.
  • The article proposes a holistic cybersecurity framework for smart grids that integrates architectural layers, requirements, and security measures. This framework can serve as a reference model for designing practical tools and strategies to support the cybersecurity of smart grid systems.
  • The article analyzes the technical and organizational challenges associated with implementing the identified countermeasures and security mechanisms. Additionally, it proposes ways to minimize these challenges, making the analysis more useful from an implementation and practical perspective.
The next sections of this article are organized as follows. Section 2 describes the research methodology adopted in the article. Section 3 characterizes the layered smart grid architecture in the context of cybersecurity requirements. Section 4 analyzes cybersecurity threats in smart energy networks. Section 5 reviews available countermeasures and safeguards. Section 6 presents a holistic cybersecurity framework. The article ends with conclusions, which include a summary of the research.

2. Materials and Methods

This article presents a review and analysis of research in the fields of security studies and computer science related to the cybersecurity of smart energy grids, which enabled the development of a holistic cybersecurity framework for smart grids. Security studies provided a comprehensive approach to cybersecurity by considering the key information security attributes: confidentiality, integrity, and availability. Computer science provided the foundation for the technical and engineering analysis of smart grid cybersecurity in the context of information system architecture, computer networks, network attacks, and security measures.
The main aim of the article is to explore cybersecurity issues in smart grids, considering their architecture, potential threats, and security measures, and to propose a holistic cybersecurity framework. The paper contributes to both the theory and practice of security science and computer science by answering the following research questions (RQs):
  • RQ1: What are the cybersecurity requirements in relation to the multi-layer smart grid architecture and information security attributes?
  • RQ2: What are the cybersecurity threats to smart grids in terms of breaches of confidentiality, integrity, and availability?
  • RQ3: What cybersecurity measures and safeguards can be implemented in smart grids to ensure the confidentiality, integrity, and availability of data and services?
  • RQ4: How can a smart grid cybersecurity framework be designed to meet cybersecurity requirements and address evolving threats?
To achieve the adopted research objective and answer the defined research questions, the method of analysis and synthesis of the relevant literature, legal acts, and normative acts was employed. The study utilized the MDPI, Scopus, and IEEE literature databases. The review resulted in the development of a holistic framework for smart grid cybersecurity (RQ4). The subsequent sections of the paper directly correspond to the adopted research questions (RQ1–4).

3. Smart Grid Architecture and Cybersecurity Requirements

According to the International Energy Agency, “Smart grids are electricity network that use digital technologies, sensors and software to better match the supply and demand of electricity in real time while minimizing costs and maintaining the stability and reliability of the grid” [13]. In other words, these are smart distribution networks that, using IT solutions, integrate the activities of electricity producers, distributors, and consumers. This concept assumes communication between all parties and the integration of distributed energy sources. The consumer is connected to the distribution network via a smart meter, enabling two-way communication, as well as the control and management of energy consumption.
The literature on the subject emphasizes that there are projects standardizing smart grid technology. According to Panda & Das, the following models are widely accepted [14]:
  • NIST Smart Grid Conceptual Model [15];
  • Smart Grid Architecture Model—SGAM [16];
  • IEEE 2030 Standard [17].
The NIST model defines a framework for smart grids that covers seven areas: Customer, Service Provider, Markets, Operations, Generation Including DER, Transmission, and Distribution [15]. It also indicates energy flows, communication, and interconnectedness (e.g., [18,19]). The SGAM model is an extension of the NIST model and consists of five interoperability layers that are divided into zones and domains (e.g., [14,20]). The IEEE 2030 standard defines three main architectural aspects: Power Systems, Information Technology, and Communications Technologies (e.g., [21]). The models mentioned above standardize smart grid terminology, provide engineering solutions, and ensure grid interoperability.
The research issues justify the need to analyze the architecture of smart grids. This characterization is essential for formulating cybersecurity requirements. Moreover, it provides a basis for identifying threats. For further consideration, a smart grid architecture model was developed, consisting of the layers shown in Figure 1.
The model presented in Figure 1 illustrates key aspects of smart grid architecture. The business layer encompasses the management system and business logic. These elements result from the regulatory and economic policies in a given area. This layer also reflects the business models and data exchange principles within smart grids among the energy market stakeholders.
The application layer provides software and services that connect various smart grid operations. It includes customer-side and smart grid-side applications, which create a data exchange platform within the energy system. It is responsible for the effective management, monitoring, and optimization of the network, such as energy distribution management, power quality monitoring, demand management, energy consumption monitoring, and fault management.
The communication layer ensures data transmission between various elements of the energy infrastructure. Its main task is efficient communication and coordination between individual systems, applications, and devices. The communication network has a hierarchical structure, oriented towards geographic areas and management levels. In this context, a WAN (Wide Area Network) is the network with the largest coverage, while a PAN (Personal Area Network) is the network with the smallest coverage. This layer also utilizes various communication protocols, such as TCP/IP network protocols and protocols specific to smart grids (e.g., DNP3, IEC 61850).
The power layer encompasses the physical architecture and systems that manage the flow of power and deliver it to consumers. It can be divided into two further layers: the power control layer and the power system layer. The former ensures the monitoring, control, and optimization of energy flow within the network. Another important purpose of this layer is the integration of renewable energy sources. The power system layer encompasses the entire physical infrastructure and devices that constitute the power grid. This layer includes power plants, transmission lines, and energy meters.
Referring to the characterized architecture, smart grids are a complex energy system that uses information and communication technologies to optimize energy flow. The implementation of new technologies in the energy sector supports the management, distribution, and integration of renewable energy sources. A literature review identified both currently used smart grid technologies and those under development. Key solutions include:
  • SCADA systems: enable monitoring, control, and management of smart grid operations. They integrate readings from sensors, measurement devices, and other energy infrastructure components (e.g., [22,23]).
  • Advanced Metering Infrastructure (AMI): an integrated infrastructure that includes smart meters, software, and advanced communication technologies. AMI enables two-way communication, remote management, and energy consumption measurement (e.g., [24]).
  • Sensors: used to collect data on various parameters of the smart grid. This data is then used to manage and optimize energy supply (e.g., [25,26]).
  • Communication technologies: provide real-time, two-way interaction. Smart grids utilize both wired and wireless technologies (e.g., [1,27]).
  • Cyber-Physical Systems (CPSs): integrate physical and digital components to monitor, analyze, manage, and optimize processes in smart grids. These systems demonstrate the potential for comprehensive energy system transformation, including decarbonization, digitalization, and decentralization (e.g., [28,29]).
  • Internet of Things (IoT): includes physical objects equipped with sensors and software that enable connection and exchange of data with other objects via a computer network. IoT in smart grids may have applications in smart cities, smart homes, energy optimization, and the integration of renewable energy sources (e.g., [30]).
  • Artificial Intelligence (AI): uses algorithms and mathematical models that enable computer systems to learn and make decisions. AI in smart grids can be used for things like monitoring, diagnostics, managing distributed energy sources, and forecasting supply and demand (e.g., [31,32]).
The above characteristics demonstrate that smart grids are a complex ecosystem with a distributed and heterogeneous architecture. The integration of computer networks and operational technology (OT) networks is one of the key assumptions of the smart grid, leading to more efficient management processes and faster decision-making based on real-time data analysis. However, from a technical perspective, such integration poses several challenges due to the implementation of protocols such as Ethernet, IP, and TCP within OT networks. In particular, OT networks utilize dedicated industrial protocols that are not typical in traditional computer networks. This integration expands the threat landscape and attack surface by exploiting vulnerabilities in computer networks to attack critical OT components. Furthermore, the large number of devices connected to the network and distributed control systems pose a high risk of attacks on smart grids. Therefore, cybersecurity is a significant challenge for the further development of smart grids.
The International Energy Agency report includes a definition in which cybersecurity “broadly refers to the ability to prevent or defend against cyberattacks and cyber incidents, preserving the availability and integrity of networks and infrastructure and the confidentiality of the information these contain” [9] (p. 8). The cited definition takes into account the systemic approach, as it treats cybersecurity as a set of system features that are resistant to threats and ensure the protection of internal values, i.e., information security attributes. Considering the above interpretation and the smart grid architecture, the following cybersecurity requirements were formulated:
  • Smart grid cybersecurity should address information security attributes such as confidentiality, integrity, and availability.
  • Availability aims to ensure access to data and services at any time upon request by an authorized entity [33]. In the case of smart grids, this attribute is critical and has a high security priority. This means the availability of key data and services to grid operators, energy suppliers, and other authorized parties for reliable energy supply. Smart grid systems should therefore be resistant to attacks that compromise availability, such as DDoS attacks.
  • Integrity means protecting data from unauthorized modification or corruption [33]. In smart grids, integrity is crucial to ensuring the reliability and accuracy of data. This applies, for example, to information about energy consumption, data from sensors and measuring devices, voltage values, or power flow. A breach of integrity may destabilize the power grid, and therefore it is necessary to implement appropriate safeguards.
  • Confidentiality refers to ensuring that data is accessible only to authorized individuals and protected from unauthorized access [33]. Smart grids rely on the exchange of large amounts of information, much of which is sensitive. Examples include personal data, data from sensors and measurement devices, and information about the topology and status of the power grid. Unauthorized access to this type of data can lead to privacy violations, identity theft, and manipulation. Breaching confidentiality can facilitate attackers’ sabotage, physical attacks, or other security incidents.
  • The human factor should be considered in the design and implementation of cybersecurity solutions. End-user errors can lead to security breaches. Furthermore, some cyberattacks exploit human vulnerability to threats, such as phishing. Training and awareness raising are therefore essential to maintaining an acceptable level of security in smart grids. It is also worth noting the concept of cyber hygiene, which has been developed in recent years, referring to a set of principles and behaviors aimed at reducing risky activities in cyberspace [34].
  • The design and implementation of smart grid systems requires compliance with legal regulations and standards. These include, among others, energy law, interoperability, personal data protection, and device certification and approval.

4. Cybersecurity Threats to Smart Grids

Identifying threats to smart grids is crucial for cybersecurity management in the energy sector. Proper threat identification influences the risk management process and enables the selection of appropriate security measures. The literature on the subject offers various perspectives on cybersecurity threat analysis in the energy sector. This section presents an overview of threats based on various classification criteria.
Cybersecurity threats to smart grids are often analyzed in the context of loss of information security attributes, i.e., confidentiality, integrity and availability (e.g., [35,36]). Availability is related to the timely and reliable operation of the energy system. Among the main threats are denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks. As noted by Yang et al. [37], DoS/DDoS attacks on energy systems are among the traditional attacks that have evolved alongside the development of cyber-physical power systems (CPPSs). They exploit protocol vulnerabilities, flood network traffic, or block communication channels [37]. Ransomware attacks are another example of availability violations. They involve encrypting files and demanding payment in exchange for a decryption key. It is worth noting that in recent years, a surge in ransomware-related security incidents has been observed in many sectors (e.g., [38]). Furthermore, forecasts indicate that targeted ransomware attacks will be among the main threats to cybersecurity (e.g., [39]). Cyberattacks that compromise availability are particularly dangerous for the energy sector, as they can lead to service unavailability, blocking parts of the network, and disruptions in the supply chain.
Integrity attacks pose a serious threat because they can destabilize the operation of the grid or power systems. Integrity breaches in smart grids can involve falsifying and modifying data transmitted over power grid communication channels. They can also impact availability, cause system damage, lead to power outages, and pose a threat to human health and life. The literature emphasizes that one of the main attacks on the integrity of smart grids is a false data injection attack (FDI) (e.g., [37,40,41]).
The confidentiality attribute ensures that information and services are only available to authorized persons. Confidentiality threats involve the unauthorized acquisition of confidential information about customers and service providers in the energy sector [42]. Examples of data collected include bill numbers and electricity usage. Security incidents that compromise confidentiality can result in the disclosure of users’ private information [35] and its exploitation in cyberattacks that affect availability and integrity [36]. Such threats include traffic scanning, port scanning, social engineering attacks, and password phishing [36]. Additionally, man-in-the-middle (MitM) attacks can be classified as confidentiality attacks [43]. However, MitM attacks can also compromise integrity and availability [37]. A MitM attack involves an attacker intervening in the exchange of information between devices in order to eavesdrop or impersonate one of the devices [37,43,44]. Another example of a confidentiality attack is the masking attack, which involves using a false identity to gain unauthorized access [43].
In the practice of modeling threats to the energy sector, the STRIDE method can be used. It enables the assessment of system component security in terms of information security attributes [45], vulnerability analysis, and identification of attack [46]. The method’s name refers to the first letters of six groups of threats that violate information security attributes. The STRIDE method is based on the following threat classification:
  • Spoofing (S)—attacks that violate integrity and allow the impersonation of an authorized user or device;
  • Tampering (T)—attacks that violate integrity through unauthorized data modification;
  • Repudiation (R)—attacks that allow for the denial of an action performed in the system;
  • Information disclosure (I)—attacks that violate confidentiality, leading to unauthorized access to and disclosure of information;
  • Denial of service (D)—attacks that violate availability, blocking or restricting services for authorized users;
  • Elevation of privilege (E)—attacks that violate integrity, allowing the acquisition of unauthorized system privileges.
To summarize the discussion so far, cybersecurity threats in the energy sector can be analyzed based on confidentiality, availability, and integrity. It’s worth noting that data and services are considered secure when all of these attributes are maintained. Therefore, information security attributes are also used to analyze the impact of threats and design and assess the security of energy systems.

5. Countermeasures and Safeguards

The review of countermeasures and security measures was conducted taking into account the perspective of information security attributes as well as the limitations resulting from the nature of smart grids. It should be noted that individual countermeasures and security measures can protect more than one information security attribute. However, during the analysis, countermeasures and security measures were grouped according to the most closely related information security attributes. This approach enabled an analysis aligned with the cybersecurity requirements and threats defined for smart grids.

5.1. Confidentiality Protection

Confidentiality countermeasures and security measures should protect against unauthorized access to user data, operational data, and information about power grid configuration settings. Key countermeasures and security measures in this regard include, in particular, data encryption, authentication, and access management.

5.1.1. Data Encryption

In general, data encryption can involve both symmetric and asymmetric encryption algorithms. Symmetric encryption, such as the AES algorithm, uses a single key to encrypt and decrypt information. Asymmetric encryption, such as the RSA algorithm, uses a concept based on public and private keys. Encryption algorithms are widely used in various higher-layer network protocols and other advanced solutions dedicated to energy networks, including:
  • AES and TLS/SSL protocols, which can be used to encrypt transmissions in Advanced Metering Infrastructure (AMI), e.g., between the control center and energy meters;
  • IPSec and VPN protocols, which can be used to encrypt connections in SCADA systems, e.g., between the RTU controller and the central office;
  • The DNP3 protocol, used in energy control and supervision systems, can be enhanced with encryption algorithms;
  • MQTT-S, CoAP with DTLS, LoRaWAN, and Elliptic Curve Cryptography (ECC) protocols can be used to communicate with IoT devices and sensors that are components of smart grids.
In addition to the above-mentioned application areas, there are innovative concepts available in the literature regarding the use of encryption in smart grid protection. Sousa-Dias et al. [47] presented a cyclic homomorphic aggregation protocol that eliminates the need for additional network components or key distribution schemes. In the cited study, the authors utilized the concept of homomorphic encryption and data aggregation to preserve privacy. The results indicate that the presented protocol provides effective energy consumption data aggregation while simultaneously protecting privacy [47]. It is worth pointing out that the cited study emphasized that current smart meters are probably not capable of performing complex cryptographic operations, and therefore future implementations depend on hardware improvements in AMI [47].
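The idea behind privacy-preserving aggregation of meter data can be shown with a short added example (not code from the article, and not the cyclic protocol of [47]): it substitutes the textbook Paillier cryptosystem, whose ciphertexts can be combined so that only the sum of the readings is ever decrypted. The key size, function names and watt-hour values are constructed for the demonstration.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
)

// PublicKey is given to every meter; PrivateKey stays with the utility, never the aggregator.
type PublicKey struct{ N, N2 *big.Int }

type PrivateKey struct {
	PublicKey
	lambda, mu *big.Int
}

var one = big.NewInt(1)

// GenerateKey builds a textbook Paillier key pair (g = n+1) from two primes of bits/2 bits.
func GenerateKey(bits int) (*PrivateKey, error) {
	for {
		p, err := rand.Prime(rand.Reader, bits/2)
		if err != nil {
			return nil, err
		}
		q, err := rand.Prime(rand.Reader, bits/2)
		if err != nil {
			return nil, err
		}
		if p.Cmp(q) == 0 {
			continue
		}
		n := new(big.Int).Mul(p, q)
		pm1, qm1 := new(big.Int).Sub(p, one), new(big.Int).Sub(q, one)
		lambda := new(big.Int).Mul(pm1, qm1)
		lambda.Div(lambda, new(big.Int).GCD(nil, nil, pm1, qm1)) // lcm(p-1, q-1)
		mu := new(big.Int).ModInverse(lambda, n)
		if mu == nil {
			continue
		}
		return &PrivateKey{PublicKey{n, new(big.Int).Mul(n, n)}, lambda, mu}, nil
	}
}

// Encrypt computes (1 + m*n) * r^n mod n^2 with fresh randomness r, so equal readings
// produce different ciphertexts.
func (pk *PublicKey) Encrypt(wattHours int64) (*big.Int, error) {
	if wattHours < 0 {
		return nil, errors.New("reading must be non-negative")
	}
	r, err := rand.Int(rand.Reader, pk.N)
	for err == nil && (r.Sign() == 0 || new(big.Int).GCD(nil, nil, r, pk.N).Cmp(one) != 0) {
		r, err = rand.Int(rand.Reader, pk.N)
	}
	if err != nil {
		return nil, err
	}
	c := new(big.Int).Mul(big.NewInt(wattHours), pk.N)
	c.Add(c, one)
	c.Mul(c, new(big.Int).Exp(r, pk.N, pk.N2))
	return c.Mod(c, pk.N2), nil
}

// Aggregate multiplies ciphertexts mod n^2, which adds the hidden readings. It needs only
// the public key, so the aggregating node never sees an individual household's value.
func (pk *PublicKey) Aggregate(cts []*big.Int) *big.Int {
	acc := big.NewInt(1)
	for _, c := range cts {
		acc.Mul(acc, c).Mod(acc, pk.N2)
	}
	return acc
}

// Decrypt recovers m = L(c^lambda mod n^2) * mu mod n, where L(x) = (x-1)/n.
func (sk *PrivateKey) Decrypt(c *big.Int) int64 {
	x := new(big.Int).Exp(c, sk.lambda, sk.N2)
	x.Sub(x, one).Div(x, sk.N)
	return x.Mul(x, sk.mu).Mod(x, sk.N).Int64()
}

// FeederTotal plays all three roles in one process: meters encrypt, the aggregator
// combines, and the utility decrypts only the total.
func FeederTotal(sk *PrivateKey, readings []int64) (int64, error) {
	cts := make([]*big.Int, 0, len(readings))
	for _, r := range readings {
		c, err := sk.Encrypt(r)
		if err != nil {
			return 0, err
		}
		cts = append(cts, c)
	}
	return sk.Decrypt(sk.Aggregate(cts)), nil
}

func main() {
	sk, err := GenerateKey(1024) // demo size only; deployments use a modulus of 2048 bits or more
	if err != nil {
		panic(err)
	}
	total, err := FeederTotal(sk, []int64{1250, 830, 0, 4175}) // constructed Wh readings
	fmt.Println("feeder total (Wh):", total, "err:", err)
}
```

The modular exponentiations over n² are the kind of operation the cited study considers too heavy for current smart meters.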
In another study, Deng et al. [48] presented the ST-GCN method for forecasting the power output of photovoltaic power plants based on meteorological encryption and spatiotemporal graph networks. The cited study utilizes geolocation data of photovoltaic power plants and meteorological information [48]. The power plants are mapped using an inverse distance weighting method [48]. Based on the correlation of power data, a graph is created, and then a dual-layer attention mechanism is applied to the spatiotemporal model, capturing spatial and temporal dependencies [48]. Finally, the model forecasts the power output of distributed photovoltaic power plants [48]. The results indicate that the proposed method achieves high power forecasting accuracy.
In turn, Zhang et al. [49] applied a permission change method based on attribute encryption to solve the problem of sharing data from multiple sources in power system engineering. To reduce the computational and communication load associated with changing user permissions, the authorization center generates and updates keys, allowing the data owner to define access policies [49]. When permissions change, the authorization center modifies the user’s key, allowing the data to be decrypted without the need to re-encrypt the entire dataset [49].

5.1.2. Authentication

In the domain of authentication within smart grids, traditional password-based methods are inadequate for ensuring a sufficient level of security. Therefore, research into the application of advanced user and device authentication techniques, well established in computer science, is essential for smart grids. In particular, such methods include:
  • Multi-factor authentication (MFA);
  • Digital certificate-based authentication (CBA);
  • Federated identity-based authentication (FA).
A commonly known MFA method uses additional factors beyond a username and password to verify identity. This additional layer of authentication can include a variety of mechanisms and technologies, particularly authentication applications, smart cards, tokens, and biometric data. This method enhances the reliability of the authentication process in the face of cyber-attacks on smart grid infrastructure, while reducing the risk of unauthorized access [50]. CBA in smart grids can be a fundamental mechanism for ensuring security in terms of both confidentiality and integrity. CBA encompasses various cryptographic algorithms and handshake protocols [51]. The mechanism relies on asymmetric cryptography, digital certificates, and a certificate authority, which facilitates secure user and device authentication across the distributed smart grid infrastructure. In turn, the main idea of FA is the ability to log in to multiple services from one central location.
Comprehensive authentication solutions dedicated to the distributed smart grid environment are also available in the literature. In the field of energy networks, Khan et al. [52] designed a mutual authentication system for smart grid communications based on biometric elliptic curve cryptography. Research results indicate that the solution supports user anonymity, resilience to various types of attacks, and reduced costs associated with data transmission and computational load [52]. In the context of implementing authentication mechanisms between devices, AlJanah et al. [53] proposed optimizing multi-factor group authentication for secure IoT device communication. These research findings are crucial because IoT is an important component in smart grids and is critical due to cybersecurity issues. The research presented four multi-factor authentication protocols designed for group communication in IoT environments, involving interactions between multiple devices [53]. The results indicate that each protocol meets security requirements and protects against potential attacks [53].
In the area of authentication, the research results conducted by Hafeez et al. [54] are also significant. They proposed a scalable authentication and communication protocol for smart grids [54]. The protocol focuses specifically on authentication, secret key establishment, symmetric encryption, and hash-based message authentication, which enhances the confidentiality and integrity of communications in smart grids [54]. Technically, the protocol utilizes the Elliptic Curve Digital Signature Algorithm (ECDSA) for authentication, the Elliptic Curve Diffie–Hellman Algorithm (ECDH) for secure key exchange, and AES-256 encryption for data transmission protection [54]. Experimental results indicate the high time and energy efficiency of the presented solution.

5.1.3. Access Management

Access management covers all mechanisms responsible for authorization, i.e., the process of granting access to system resources to already authenticated users or devices. Properly implemented access control mechanisms protect against unauthorized access to confidential information by attackers and minimize the possibility of misuse of resources by authorized users [55]. There are many access control models, but all types are based on one of three basic models [56]:
  • Discretionary Access Control (DAC): resource permissions are defined by their owner, and decisions to allow or deny access are based on user credentials such as ID and password [56];
  • Role-Based Access Control (RBAC): grants access based on user roles and responsibilities, limiting it to necessary data and operations, such as reading, writing, or updating, in accordance with their permissions and responsibilities [56];
  • Attribute-Based Access Control (ABAC): enables the implementation of comprehensive and complex access policies based on known user attributes stored in the system [56].
Regarding limitations, it should be noted that traditional access control models such as DAC, MAC, or RBAC may not be suitable for use in IoT environments [57]. This is important because, as previously mentioned, IoT is an integral component in a distributed smart grid environment. Kim and Choi [58] emphasize that for an energy system to effectively respond to attacks, it is necessary to implement dynamic access control with the possibility of partial role delegation and taking into account the changing permissions of the resource manager. The cited studies propose an intelligent access control that analyzes security vulnerabilities and supports collaboration in smart grids through context-sensitive access policy management between the administrator, service, and agent [58]. Experimental results indicate the method’s high effectiveness.
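The dynamic access control idea discussed above (partial role delegation that follows the changing permissions of the grantor, combined with context-sensitive decisions) can be illustrated with the following added Python example. It is not the method of Kim and Choi [58] and not code from this article; the role names, actions, resource identifiers, and context attributes (`network_zone`, `grid_state`) are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical static RBAC table: role -> permitted actions.
ROLE_PERMISSIONS = {
    "operator": {"read_measurements", "open_breaker", "close_breaker"},
    "field_technician": {"read_measurements"},
    "auditor": {"read_measurements", "read_logs"},
}
# Actions that change the physical state of the grid.
CONTROL_ACTIONS = {"open_breaker", "close_breaker"}


@dataclass(frozen=True)
class Delegation:
    grantor: str
    grantee: str
    permissions: frozenset   # subset of the grantor's rights (partial delegation)
    resource: str            # delegation is bound to one resource
    not_after: float         # expiry, epoch seconds


@dataclass
class AccessController:
    user_roles: dict                       # user -> set of role names
    delegations: list = field(default_factory=list)

    def static_permissions(self, user):
        perms = set()
        for role in self.user_roles.get(user, ()):
            perms |= ROLE_PERMISSIONS.get(role, set())
        return perms

    def delegate(self, grantor, grantee, permissions, resource, not_after):
        """Record a partial delegation; only rights held by role can be passed on."""
        permissions = frozenset(permissions)
        if not permissions <= self.static_permissions(grantor):
            raise PermissionError("grantor may only delegate permissions it holds by role")
        d = Delegation(grantor, grantee, permissions, resource, not_after)
        self.delegations.append(d)
        return d

    def is_allowed(self, user, action, resource, context):
        """Return (decision, reason). context carries now, network_zone, grid_state."""
        # Context rule: control actions are only accepted from the control network.
        if action in CONTROL_ACTIONS and context["network_zone"] != "control":
            return False, "wrong-zone"
        # Static RBAC decision.
        if action in self.static_permissions(user):
            return True, "role"
        # Dynamic part: look for a delegation that is valid right now.
        reason = "no-permission"
        for d in self.delegations:
            if d.grantee != user or d.resource != resource or action not in d.permissions:
                continue
            if context["now"] > d.not_after:
                reason = "delegation-expired"
                continue
            # The delegation follows the grantor's current rights.
            if action not in self.static_permissions(d.grantor):
                reason = "grantor-lost-permission"
                continue
            # Delegated control rights are suspended while the grid is not in normal state.
            if action in CONTROL_ACTIONS and context["grid_state"] != "normal":
                reason = "delegation-suspended"
                continue
            return True, "delegated"
        return False, reason
```

A plain RBAC check corresponds to the `role` branch only; the remaining branches are the context-dependent decisions that a static role table cannot express.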

5.2. Integrity Protection

Information integrity protection encompasses mechanisms designed to prevent unauthorized modification or deletion, ensuring its consistency and immutability. In this regard, we can highlight mechanisms for integrity verification, distributed ledger technology, and anomaly monitoring and detection.

5.2.1. Integrity Verification

From a technical perspective, ensuring message integrity and its subsequent verification is based on cryptographic hash function algorithms. The key mechanism in this regard is the Hash-based Message Authentication Code (HMAC). Typical implementations of the HMAC algorithm use standard cryptographic hash functions such as SHA or MD5 (e.g., HMAC-SHA2, HMAC-MD5). The HMAC algorithm can be a fundamental component in the design of dedicated mechanisms for smart grids to ensure and verify integrity. For example, in the previously cited research, Hafeez et al. [54] used the HMAC algorithm to ensure the integrity of symmetric encryption messages in the presented protocol. Other research has developed a smart grid security scheme that uses a code to decrypt messages with the Secure Key Distribution Protocol (SKDP), which protects against unknown share key attacks [59]. HMAC-MD5 has also been shown to be useful in detecting replay attacks in isolated smart grids [60]. One of the key limitations is that compromising the HMAC key enables an attacker to generate false messages. For this reason, the development of secure key storage mechanisms is required. It should also be noted that in a smart grid environment, low-power devices such as smart meters may struggle to efficiently process HMAC-SHA in real time. A potential solution could involve dedicated integrated circuits designed to perform cryptographic functions.
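The following added Python example (not taken from this article or from the schemes in [54,59,60]) shows HMAC-based integrity verification of a meter message together with counter-based replay rejection. It uses HMAC-SHA256 from the standard library; the frame layout, device identifier, and key are constructed for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32        # HMAC-SHA256 tag length in bytes
HEADER_MIN = 2 + 8  # device-id length field + 64-bit message counter


def encode_frame(device_id, counter, payload):
    """Length-prefixed encoding so that field boundaries are unambiguous."""
    dev = device_id.encode("utf-8")
    return struct.pack(">H", len(dev)) + dev + struct.pack(">Q", counter) + payload


def protect(key, device_id, counter, payload):
    """Sender side: append a tag computed over identifier, counter and payload."""
    frame = encode_frame(device_id, counter, payload)
    return frame + hmac.new(key, frame, hashlib.sha256).digest()


class Receiver:
    """Head-end side: verify the tag first, then require a strictly increasing counter."""

    def __init__(self, keys):
        self.keys = dict(keys)   # device_id -> per-device secret key
        self.last_counter = {}   # device_id -> highest accepted counter (persist in practice)

    def accept(self, message):
        """Return (accepted, reason, payload)."""
        if len(message) < HEADER_MIN + TAG_LEN:
            return False, "malformed", None
        frame, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        (dev_len,) = struct.unpack(">H", frame[:2])
        if len(frame) < HEADER_MIN + dev_len:
            return False, "malformed", None
        try:
            device_id = frame[2:2 + dev_len].decode("utf-8")
        except UnicodeDecodeError:
            return False, "malformed", None
        key = self.keys.get(device_id)
        if key is None:
            return False, "unknown-device", None
        expected = hmac.new(key, frame, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many tag bytes matched.
        if not hmac.compare_digest(expected, tag):
            return False, "bad-tag", None
        body = frame[2 + dev_len:]
        (counter,) = struct.unpack(">Q", body[:8])
        # The counter is covered by the tag, so a captured message cannot be re-numbered.
        if counter <= self.last_counter.get(device_id, -1):
            return False, "replay", None
        self.last_counter[device_id] = counter
        return True, "ok", body[8:]


def demo():
    key = bytes(range(32))  # constructed demo key; real keys belong in secure storage
    rx = Receiver({"meter-001": key})
    genuine = protect(key, "meter-001", 1, b"kWh=12.5")
    tampered = bytearray(protect(key, "meter-001", 2, b"kWh=12.5"))
    tampered[-TAG_LEN - 1] ^= 0x01  # one flipped payload bit
    wrong_key = protect(b"\x00" * 32, "meter-001", 3, b"kWh=0.0")
    # genuine, the same message again, modified payload, tag made with another key
    return [rx.accept(m)[1] for m in (genuine, genuine, bytes(tampered), wrong_key)]
```

Any party holding the device key obtains an accepted tag from `protect`, which is the key-compromise limitation noted above.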

5.2.2. Blockchain Technology

Classic integrity mechanisms may have limitations in a distributed smart grid environment and are usually part of a protocol or other complex solution. Blockchain (BC) technology represents a much more advanced approach to ensuring integrity. The specific features that make BC technology suitable for implementation in smart grids include
  • Data immutability: data stored in individual blocks and validated by the network is immutable, providing strong support for the integrity of data processed in smart grids;
  • Decentralization: the distributed nature of blockchain significantly complicates integrity attacks, as a copy of the blockchain can be stored on multiple network nodes;
  • Cryptographic proof-based security: blockchain utilizes various cryptographic algorithms depending on the specific implementation, including SHA and ECDSA, as well as new types of algorithms that protect the network against future vulnerabilities to quantum computer attacks;
  • Consensus algorithms: Proof of Work (PoW), Proof of Stake (PoS), and Delegated Proof of Stake (DPoS) algorithms ensure the network’s agreement on the correctness of data in blocks and protect them from future changes;
  • Smart contracts: an additional layer that ensures the integrity of business logic by enforcing rules and predefined logic, with any change in the counterparty state being recorded on the BC.
The above features make BC an area of interest for researchers in terms of implementation in smart grids. The literature emphasizes that blockchain allows for optimizing energy production, transmission and consumption, reducing costs, supporting the integration of renewable sources, streamlining retail billing, increasing community engagement, and ensuring better privacy and data security in wholesale energy trading [61]. Shamaseen et al. [62] introduced the Proof of Energy (PoE) consensus algorithm that selects validators based on node roles and random allocation, instead of computing power or stake ownership. The mechanism enables transaction verification across different node types, limits the influence of a single node on the verification process, and leverages automation through smart contracts [62].
It should be noted that the implementation of BC in a smart grid environment involves numerous barriers, limitations, and challenges. In particular, PoW algorithms require substantial computational effort, making them potentially unsuitable for application in smart grids. Other key challenges are related to the specific nature of power networks, in which some subsystems and embedded systems operate under real-time constraints. In turn, BC networks have limitations in terms of throughput expressed in the number of transactions processed per unit of time. It is therefore crucial to find a solution that minimizes the impact of BC on real-time systems. Moreover, implementing BC technology in smart grids is associated with high costs due to the need for significant investments in infrastructure, software solutions, and staff training. Creating dedicated blockchain-based software requires time for the analysis of functional and non-functional requirements, system design, technology stack selection, solution programming, testing, and implementation in accordance with software engineering practice. Furthermore, there is currently a lack of standards and widely recognized guidelines for BC integration in smart grids.
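The data-immutability property and the computational cost of PoW discussed in this section can be made concrete with the following added Python example. It is not code from this article or from [61,62]; the block layout, meter identifiers, readings, and difficulty values are constructed for illustration.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64


def block_hash(index, prev_hash, readings, nonce):
    """SHA-256 over a canonical JSON encoding of the block fields."""
    body = json.dumps(
        {"index": index, "prev": prev_hash, "readings": readings, "nonce": nonce},
        sort_keys=True, separators=(",", ":"),
    )
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def meets_difficulty(digest_hex, bits):
    """True if the hash starts with at least `bits` zero bits."""
    return int(digest_hex, 16) >> (256 - bits) == 0


def mine_block(index, prev_hash, readings, bits):
    """Search nonces from 0 upward; return the block and the number of hashes tried."""
    nonce = 0
    while True:
        digest = block_hash(index, prev_hash, readings, nonce)
        if meets_difficulty(digest, bits):
            block = {"index": index, "prev": prev_hash, "readings": readings,
                     "nonce": nonce, "hash": digest}
            return block, nonce + 1
        nonce += 1


def build_chain(batches, bits):
    """Chain one block per batch of meter readings; return chain and total hash count."""
    chain, prev, total = [], GENESIS_PREV, 0
    for index, readings in enumerate(batches):
        block, attempts = mine_block(index, prev, readings, bits)
        chain.append(block)
        prev = block["hash"]
        total += attempts
    return chain, total


def first_invalid_block(chain, bits):
    """Return the index of the first block that fails verification, or None."""
    prev = GENESIS_PREV
    for position, block in enumerate(chain):
        digest = block_hash(block["index"], block["prev"], block["readings"], block["nonce"])
        if (block["index"] != position or block["prev"] != prev
                or block["hash"] != digest or not meets_difficulty(digest, bits)):
            return position
        prev = digest
    return None


if __name__ == "__main__":
    # Constructed sample: energy readings in Wh per meter and interval.
    batches = [{"meter-001": 1250}, {"meter-001": 1310, "meter-002": 870}, {"meter-002": 905}]
    for bits in (4, 8, 12, 16):
        chain, attempts = build_chain(batches, bits)
        print(f"difficulty {bits:2d} bits: {attempts} hashes, valid={first_invalid_block(chain, bits) is None}")
```

Each additional difficulty bit doubles the expected number of hashes per block, while verification stays at one hash per block; this asymmetry is what makes PoW costly for constrained grid devices that would have to produce blocks.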

5.2.3. Anomaly Detection

In computer science, intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) are used to enhance the cybersecurity of computer networks. In the distributed and heterogeneous smart grid environment, IDSs/IPSs can enhance information integrity by detecting and blocking unauthorized data modifications, MitM attacks, and manipulation of communication protocols. This helps maintain the integrity and correctness of transmitted information within the energy system. Key applications of IDSs/IPSs in smart grid cybersecurity include
  • Data manipulation detection: IDS/IPS can continuously monitor network traffic and detect anomalies that deviate from defined signature or heuristic rules, thereby counteracting data injection attacks in AMI or SCADA systems;
  • Attack and unauthorized access blocking: IDSs/IPSs can prevent attacks that attempt to modify control messages, protecting the integrity of communication and control in dedicated smart grid protocols;
  • Log auditing and analysis: IDSs/IPSs generate detailed logs from sensor groups, enabling subsequent auditing, incident analysis, and data integrity verification following a potential attack.
The literature includes research findings on IDSs/IPSs specifically designed for the smart grid environment. It is emphasized that IDSs for smart grids must meet the needs of SCADA systems [63]. Wu et al. [64] presented an intrusion detection framework that uses graphs and the Kolmogorov–Arnold network to improve detection accuracy in smart grids. The concept involves the creation of a graph structure in which the nodes are energy, IT and network devices, and the edges are the physical and logical connections between them, which allows for modeling interactions between devices [64]. The results of experimental studies indicate the high effectiveness of the presented method in terms of intrusion detection. In another study, Wen et al. [65] presented an intrusion detection system for smart grids using a dynamically weighted k-asynchronous federated learning technique. The presented mechanism addresses typical problems of large, distributed environments, such as device diversity, latency, and data staleness, providing faster convergence, higher accuracy, and better performance than traditional methods [65].
Modern IDSs/IPSs are based on advanced AI algorithms. However, it should be emphasized that the use of AI in smart grids involves certain barriers and challenges. In anomaly detection, the main limitation is the performance of the algorithms [66]. In CPSs, repeated false alarms can lead to costly interventions, making reliable anomaly detection essential to maintaining security, efficiency, and business continuity [66]. Moreover, control and management of energy networks using AI requires the implementation of specialized security solutions. For example, Jia et al. [67] applied a modified soft actor–critic algorithm utilizing Lagrangian relaxation and a safety layer scheme to ensure the solution’s safety aimed at improving the efficiency of multi-energy microgrids. It is also important to note that AI algorithms often require historical input datasets, and the lack of standardized data formats across various sources (such as AMI, sensors, and SCADA systems) makes data integration challenging. Recent literature offers methods that mitigate this limitation. For example, Tiwari et al. [68] proposed a method based on transient current measurements at the positive and negative pole boundaries, combining single-ended and double-ended measurements, which improves reliable fault detection in bipolar and monopolar modes. It was pointed out that the method does not require an extensive set of input data for training, as is the case with machine learning techniques [68].

5.3. Availability Protection

Countermeasures and safeguards aimed at ensuring availability should guarantee that smart grid systems, data, and services remain accessible to authorized users in a timely manner. In this regard, particular attention should be given to DDoS attack mitigation, redundancy and diversity mechanisms, as well as continuous monitoring.

5.3.1. Counteracting DDoS Attacks

DDoS attacks are one of the critical threats to availability in smart grids. Countermeasures and security measures should ensure communication continuity while protecting against infrastructure overload. Computer science provides numerous tools for countering DDoS attacks, including:
  • Network traffic filtering: firewalls can block specific network traffic based on defined rules;
  • Network segmentation: Virtual LAN (VLAN) technology for dividing a computer network into separate segments or Virtual Private Networks (VPNs) for connecting distributed subnetworks into a larger network;
  • Load balancing: mechanisms for distributing and spreading the load (including network traffic) across multiple servers in a cluster or server farm, thereby reducing the traffic directed to SCADA servers or smart grid control centers;
  • Connection limiting: mechanisms for limiting the number of requests and bandwidth for a single client.
The above security measures should be adapted to the specifics of the smart grid. The literature provides research results that have developed DDoS countermeasures specifically designed for the heterogeneous and distributed nature of smart grids. In particular, artificial intelligence algorithms may have key applications in countering DDoS attacks. Alhashmi et al. [69] presented a mechanism for identifying DDoS attacks on smart grids using the VGG19 deep neural network and the Harris Hawks optimization algorithm (HHO). The proposed approach utilizes feature extraction from the VGG19-DNN network to detect network traffic anomalies indicative of DDoS attacks, and additional feature optimization using the HHO algorithm increases detection accuracy [69]. The system operates in a distributed architecture, enabling real-time monitoring and response without impacting the performance of smart grids [69]. There are also studies in which the previously analyzed blockchain technology is used to counter DDoS attacks on smart grids. Mohamed et al. [70] presented a method that uses a private blockchain with a proof-of-work mechanism to secure access and maintain data integrity in a micro-grid controlled by PI controllers.

5.3.2. Redundancy and Diversity Mechanisms

In a smart grid environment, redundancy and diversity are key strategies to protect availability. Redundancy involves implementing additional backup components in the system to ensure system operation in the event of an attack or failure [71]. Diversity means differentiating components by using different types of hardware and software solutions to limit the impact of vulnerabilities that may be unique to one type of component, thereby limiting the impact on the entire system [71]. The following perspectives can be distinguished in the application of redundancy and diversity in smart grid infrastructure:
  • Hardware: redundancy can be achieved through the use of redundant infrastructure devices that take over functions in the event of a failure of primary components. Diversity involves using different device models, manufacturers, or architectures, which reduces the risk of system failure due to a single type of hardware.
  • Software: redundancy involves the use of redundant system instances (e.g., SCADA, application servers) that are capable of taking over in the event of a failure or attack on the primary systems. Diversity can be achieved through the use of different operating systems (e.g., Linux, BSD) and software to reduce the risk associated with vulnerabilities in a single solution.
  • Communication: redundancy involves the use of redundant channels and devices (e.g., backup links and transmission media, routers, clusters, and IoT devices) that guarantee the continuity of data transmission in the event of a failure or attack. Diversity can be achieved through the use of various protocols and transmission technologies (e.g., MQTT, GSM, fiber optics, MPLS routing protocol) to limit the impact of single vulnerabilities on the entire system.
  • Data: redundancy of processed data (e.g., operational and configuration data, measurements from smart meters and endpoint devices) can be achieved by creating copies of data in different locations (e.g., backup data centers, real-time server replication, blockchain, RAID arrays). Diversity can be achieved by diversifying the methods of storing, processing, or transmitting data (e.g., different database systems—e.g., SQL, NoSQL, blockchain, as well as different data formats—e.g., XML, JSON), minimizing the risk of data loss due to a single vulnerability, failure, or attack.
Redundancy and diversity are synergistic strategies for improving cybersecurity. Available research indicates that N-1 redundancy can lead to a 96% improvement in network reliability when deploying phasor measurement units (PMUs) in smart grids [72].

5.3.3. Monitoring

Monitoring in smart grids aims to quickly detect and respond to incidents and faults that may impact system availability. Key security measures for ongoing IT system monitoring include:
  • Security Information and Event Management (SIEM) systems: These systems provide a holistic view of network security by analyzing logs from various devices, such as computers, servers, switches, routers, firewalls, antivirus software, and IDS/IPS [73]. In smart grids, SIEM systems can be used to collect and analyze logs from various components of the distributed infrastructure (e.g., smart meters, SCADA systems, PLCs, IoT devices). Based on collected logs, the SIEM engine correlates events to identify malicious activity [74]. The analysis results are displayed in the presentation layer [74]. Modern SIEM systems integrate artificial intelligence algorithms, including machine learning, to increase analysis efficiency.
  • Endpoint Detection and Response (EDR) systems: Monitor endpoint activity in real time, detecting suspicious behavior, infections, and security breaches, while supporting searches by collecting detailed telemetry data [75]. Endpoint telemetry, file modifications, and network communications are processed by EDR solutions and forwarded to SIEM systems for further use [75]. EDR systems rely on two key data collection methods: network analysis and host-based information gathering [75]. EDR protects smart grid infrastructure from cyberattacks by providing real-time incident information and collecting logs for security analysis, minimizing the risk of disruptions to the power grid’s availability. However, it is pointed out that certain categories of devices, including industrial control systems, do not support the installation of EDR agents, which is a significant limitation [75]. Agentless EDR systems offer an alternative, offering easier and faster deployment and maintenance by eliminating the need for software installation and updates [75].
  • Security Orchestration, Automation, and Response (SOAR) systems: Tools that enable security alert management and incident response by integrating security tools, simplifying repetitive processes, and providing a comprehensive incident management solution [76]. These systems are considered to play a key role in addressing operational challenges [77]. Traditional SOAR systems are primarily based on no-code and low-code approaches, which enhance accessibility and reduce the need for developer involvement [77]. Despite their accessibility, solutions based on no-code/low-code approaches often suffer from limitations, including limited customization options, difficulty managing complex playbooks, and limited flexibility in adapting to dynamically changing threat scenarios [77]. By using Large Language Models (LLMs), modern SOAR platforms can dynamically create code, resulting in more adaptive and scalable automation [77]. In a heterogeneous and distributed smart grid environment, SOAR systems enable the integration of data from AMI, SCADA systems, and IDS/IPS logs.
It should be noted that SIEM, EDR, and SOAR systems demonstrate synergistic effects and can complement each other. The literature provides innovative research results on integrated smart grid monitoring systems. Guo et al. [78] presented the results of a study integrating unmanned aerial vehicles (UAVs) with a smart grid, enabling three-dimensional tracking of DDoS attacks. The cited studies utilized UAV mobility, adaptive beam searching, and an iterative threshold update mechanism to accurately reconstruct attack paths and localize their sources [78].
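The log collection and event correlation step described for SIEM systems above is illustrated by the following added Python example, which is not code from this article or from any SIEM product. The three log formats, host names, addresses, and the correlation rule (several denied or failed attempts from one source shortly before a configuration write) are constructed for illustration.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample input: firewall text lines, gateway JSON records, PLC audit CSV.
SAMPLE_LOGS = """\
2025-06-10T08:00:05Z fw01 DENY src=10.20.0.15 dst=10.10.1.5
{"ts": "2025-06-10T08:01:10Z", "host": "scada-gw", "event": "auth_failure", "src_ip": "10.20.0.15"}
{"ts": "2025-06-10T08:01:40Z", "host": "scada-gw", "event": "auth_failure", "src_ip": "10.20.0.15"}
{"ts": "2025-06-10T08:02:15Z", "host": "scada-gw", "event": "auth_success", "src_ip": "10.20.0.15"}
2025-06-10T08:04:30Z,plc-07,config_write,10.20.0.15
2025-06-10T08:20:00Z,plc-03,config_write,10.20.0.99
{"ts": "2025-06-10T07:00:00Z", "host": "scada-gw", "event": "auth_failure", "src_ip": "10.20.0.99"}
this line is not a log record
"""

FW_RE = re.compile(r"^(\S+) (\S+) (ALLOW|DENY) src=(\S+) dst=(\S+)$")
SIGNAL_KINDS = {"auth_failure", "fw_deny"}  # events counted as suspicious precursors


def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def normalize(line):
    """Map one raw line from any source to a common event schema, or None if unparseable."""
    try:
        if line.startswith("{"):
            rec = json.loads(line)
            return {"ts": parse_ts(rec["ts"]), "host": rec["host"],
                    "kind": rec["event"], "src": rec["src_ip"]}
        match = FW_RE.match(line)
        if match:
            ts, host, verdict, src, _dst = match.groups()
            return {"ts": parse_ts(ts), "host": host, "kind": "fw_" + verdict.lower(), "src": src}
        parts = line.split(",")
        if len(parts) == 4:
            ts, host, kind, src = parts
            return {"ts": parse_ts(ts), "host": host, "kind": kind, "src": src}
    except (ValueError, KeyError, TypeError):
        pass
    return None


def correlate(events, threshold=3, lookback=timedelta(minutes=10)):
    """Alert on a config_write preceded by >= threshold signals from the same source."""
    signals = defaultdict(list)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):  # sources may arrive out of order
        if ev["kind"] in SIGNAL_KINDS:
            signals[ev["src"]].append(ev)
        elif ev["kind"] == "config_write":
            recent = [s for s in signals[ev["src"]] if ev["ts"] - s["ts"] <= lookback]
            if len(recent) >= threshold:
                alerts.append({
                    "src": ev["src"],
                    "target": ev["host"],
                    "ts": ev["ts"],
                    "signals": len(recent),
                    "observed_on": sorted({s["host"] for s in recent}),
                })
    return alerts


def run(log_text, threshold=3, lookback=timedelta(minutes=10)):
    """Normalize every non-empty line, then correlate; return (alerts, skipped_lines)."""
    events, skipped = [], 0
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = normalize(line)
        if ev is None:
            skipped += 1
        else:
            events.append(ev)
    return correlate(events, threshold, lookback), skipped


if __name__ == "__main__":
    for alert in run(SAMPLE_LOGS)[0]:
        print(alert)
```

No single device in the sample sees enough to raise the alert: the precursors are recorded on the firewall and the gateway, and the write on the PLC, so the detection only exists after normalization into one event stream.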

6. Smart Grid Cybersecurity Framework

According to the theory of security science, the issue of ensuring cybersecurity of any system should be considered holistically. Therefore, the layered architecture shown in Figure 1 (Section 3) was used to develop the smart grid cybersecurity framework. This allowed for the consideration of individual smart grid functional layers, which are closely interconnected and mutually determinant. The cybersecurity framework for smart grids assumes the application of the countermeasures and safeguards analyzed in Section 5 to the respective layers of smart grid architecture. This approach simultaneously takes into account cybersecurity requirements and the core attributes of confidentiality, integrity, and availability, as discussed in Section 4. The smart grid cybersecurity framework is presented in Figure 2.
The figure above proposes a holistic framework for smart grid cybersecurity that considers requirements, architecture, countermeasures, and security. Furthermore, the human factor was also taken into account, which, as indicated in [79], is often overlooked in research on the discussed issue. It should be emphasized that user competences, understood as knowledge, skills, and attitudes, are among the key aspects of cybersecurity. The effectiveness of implemented solutions depends largely on awareness and adherence to procedures, as well as practical skills such as responding to security incidents. Therefore, taking into account the human factor is a necessary condition for ensuring resilience to cyber threats. The countermeasures and security measures highlighted in Figure 2 present a number of challenges and barriers to implementation in a distributed and heterogeneous smart grid environment. Therefore, Table 1 presents the countermeasures and security measures along with examples of specific solutions, a list of challenges and barriers, and options for mitigating them.
Designing holistic smart grid cybersecurity strategies should take into account legal regulations, human factors, and information security attributes. Countermeasures and security measures known from computer science generate challenges and implementation barriers in a smart grid environment.

7. Conclusions

The conducted analyses revealed the complexity and multidimensionality of cybersecurity issues in smart grids. Each architectural layer generates specific cybersecurity requirements and threats in terms of confidentiality, integrity, and availability. The occurrence of a single threat or incident can impact the security of the entire system. Therefore, only a holistic approach can translate into real improvement in the cybersecurity of smart grids. Regarding the first research question (RQ1), it should be emphasized that the cybersecurity requirements of smart grids can be considered in the context of information security attributes. This approach enables risk analysis and the identification of vulnerabilities and threats to confidentiality, integrity, and availability (RQ2). Regarding RQ3, it should be noted that the identified countermeasures and security measures should take into account the specificity and special requirements generated by the distributed and heterogeneous nature of the smart grid environment. Regarding RQ4, it should be emphasized that the implementation of a smart grid cybersecurity framework requires the cooperation and knowledge of experts from various fields. In particular, in the business layer, it is crucial to develop up-to-date security policies and procedures that comply with legal regulations, preceded by risk analysis, as well as to undertake cybersecurity education activities for customers and employees. In the application layer, the challenge is implementing and integrating technologies that improve the cybersecurity of data processing and storage. In the communication layer, mechanisms are required that ensure the security of data transmission within the smart grid infrastructure. Security in the power layer is determined by, among other things, a range of physical safeguards, the integrity of control systems, and the security of endpoint devices. Despite the broad scope of the analysis, this article has certain limitations. In particular, the holistic cybersecurity framework developed as a result of the review is conceptual. The dynamic development of ICT determines the constantly evolving landscape of smart grid cybersecurity threats, necessitating constant updates to requirements, vulnerabilities, and security measures. Therefore, subsequent research steps may include developing technical paths for implementing cybersecurity solutions based on the proposed framework, along with assessment and verification methods, as well as conducting empirical studies in simulation environments.

Author Contributions

Conceptualization, E.K.S. and H.S.; methodology, E.K.S. and H.S.; software, E.K.S. and H.S.; validation, E.K.S. and H.S.; formal analysis, E.K.S. and H.S.; investigation, E.K.S. and H.S.; resources, E.K.S. and H.S.; data curation, E.K.S. and H.S.; writing—original draft preparation, E.K.S. and H.S.; writing—review and editing, E.K.S. and H.S.; visualization, E.K.S. and H.S. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Data Availability Statement

Not applicable.

Conflicts of Interest

The authors declare no conflicts of interest.

Abbreviations

The following abbreviations are used in this manuscript:
ABAC     Attribute-Based Access Control
AES      Advanced Encryption Standard
AI       Artificial Intelligence
AMI      Advanced Metering Infrastructure
BC       Blockchain
BSD      Berkeley Software Distribution
CBA      Digital Certificate-Based Authentication
CoAP     Constrained Application Protocol
CPS      Cyber-Physical System
CPPS     Cyber-Physical Power System
DAC      Discretionary Access Control
DDoS     Distributed Denial of Service
DNP3     Distributed Network Protocol version 3
DoS      Denial-of-Service
DPoS     Delegated Proof of Stake
DTLS     Datagram Transport Layer Security
ECC      Elliptic Curve Cryptography
ECDH     Elliptic Curve Diffie–Hellman algorithm
ECDSA    Elliptic Curve Digital Signature algorithm
EDR      Endpoint Detection and Response system
FA       Federated Identity-Based Authentication
FDI      False Data Injection Attack
GSM      Global System for Mobile Communications
HHO      Harris Hawks optimization algorithm
HMAC     Hash-based Message Authentication Code
ICT      Information and Communication Technologies
IDS      Intrusion Detection System
IPS      Intrusion Prevention System
IoT      Internet of Things
JSON     JavaScript Object Notation
LLM      Large Language Model
MitM     Man in the Middle Attack
MD5      Message-Digest algorithm 5
MFA      Multi-Factor Authentication
MQTT     Message Queue Telemetry Transport
MPLS     Multiprotocol Label Switching
OT       Operational Technology
PAN      Personal Area Network
PMU      Phasor Measurement Unit
PLC      Programmable Logic Controller
PoE      Proof of Energy
PoS      Proof of Stake
PoW      Proof of Work
RAID     Redundant Array of Independent Disks
RBAC     Role-Based Access Control
RTU      Remote Terminal Unit
SCADA    Supervisory Control And Data Acquisition
SIEM     Security Information and Event Management
SGAM     Smart Grid Architecture Model
SHA      Secure Hash Algorithm
SKDP     Secure Key Distribution Protocol
SOAR     Security Orchestration, Automation, and Response systems
SQL      Structured Query Language
ST-GCN   Spatial-Temporal Graph Convolutional Network
TCP/IP   Transmission Control Protocol/Internet Protocol
TLS/SSL  Transport Layer Security/Secure Sockets Layer
UAVs     Unmanned Aerial Vehicles
VLAN     Virtual Local Area Network
VPN      Virtual Private Network
WAN      Wide Area Network
XML      Extensible Markup Language

References

  1. Abdulsalam, K.A.; Adebisi, J.; Emezirinwune, M.; Babatunde, O. An Overview and Multicriteria Analysis of Communication Technologies for Smart Grid Applications. e-Prime Adv. Electr. Eng. Electron. Energy 2023, 3, 100121.
  2. Jasiūnas, J.; Lund, P.D.; Mikkola, J. Energy System Resilience—A Review. Renew. Sustain. Energy Rev. 2021, 150, 111476.
  3. Ahmad, T.; Zhang, D.; Huang, C.; Zhang, H.; Dai, N.; Song, Y.; Chen, H. Artificial Intelligence in Sustainable Energy Industry: Status Quo, Challenges and Opportunities. J. Clean. Prod. 2021, 289, 125834.
  4. Kim, S.; Heo, G.; Zio, E.; Shin, J.; Song, J.-G. Cyber Attack Taxonomy for Digital Environment in Nuclear Power Plants. Nucl. Eng. Technol. 2020, 52, 995–1001.
  5. Krzykowski, M. Legal Aspects of Cybersecurity in the Energy Sector—Current State and Latest Proposals of Legislative Changes by the EU. Energies 2021, 14, 7836.
  6. Heymann, F.; Henry, S.; Galus, M. Cybersecurity and Resilience in the Swiss Electricity Sector: Status and Policy Options. Util. Policy 2022, 79, 101432.
  7. Alsuwian, T.; Shahid Butt, A.; Amin, A.A. Smart Grid Cyber Security Enhancement: Challenges and Solutions—A Review. Sustainability 2022, 14, 14226.
  8. World Economic Forum. Cyber Resilience in the Electricity Ecosystem: Securing the Value Chain; World Economic Forum: Geneva, Switzerland, 2020; Available online: https://www3.weforum.org/docs/WEF_Securing_the_Electricity_Value_Chain_2020.pdf (accessed on 10 June 2025).
  9. International Energy Agency. Enhancing Cyber Resilience in Electricity Systems. Available online: https://iea.blob.core.windows.net/assets/0ddf8935-be23-4d5f-b798-3aad1f32432f/Enhancing_Cyber_Resilience_in_Electricity_Systems.pdf (accessed on 10 June 2025).
  10. Commission Recommendation (EU) 2019/553 of 3 April 2019 on Cybersecurity in the Energy Sector. Available online: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2019.096.01.0050.01.ENG&toc=OJ:L:2019:096:TOC (accessed on 10 June 2025).
  11. Priyadarshini, I.; Kumar, R.; Sharma, R.; Singh, P.K.; Satapathy, S.C. Identifying Cyber Insecurities in Trustworthy Space and Energy Sector for Smart Grids. Comput. Electr. Eng. 2021, 93, 107204.
  12. Otuoze, A.O.; Mustafa, M.W.; Larik, R.M. Smart Grids Security Challenges: Classification by Sources of Threats. J. Electr. Syst. Inf. Technol. 2018, 5, 468–483.
  13. International Energy Agency, Smart Grids. Available online: https://www.iea.org/energy-system/electricity/smart-grids (accessed on 14 June 2025).
  14. Panda, D.K.; Das, S. Smart Grid Architecture Model for Control, Optimization and Data Analytics of Future Power Networks with More Renewable Energy. J. Clean. Prod. 2021, 301, 126877.
  15. Gopstein, A.; Nguyen, C.; O’Fallon, C.; Hastings, N.; Wollman, D. NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 4.0; National Institute of Standards and Technology: Gaithersburg, MD, USA, 2021.
  16. CEN-CENELEC-ETSI Smart Grid Coordination Group. Smart Grid Reference Architecture. Available online: https://www.cencenelec.eu/media/CEN-CENELEC/AreasOfWork/CEN-CENELEC_Topics/Smart%20Grids%20and%20Meters/Smart%20Grids/reference_architecture_smartgrids.pdf (accessed on 4 July 2025).
  17. IEEE Smart Grid Vision for Computing: 2030 and Beyond; IEEE: New York, NY, USA, 2013.
  18. Moura, P.S.; López, G.L.; Moreno, J.I.; De Almeida, A.T. The Role of Smart Grids to Foster Energy Efficiency. Energy Effic. 2013, 6, 621–639.
  19. Raza, M.A.; Aman, M.M.; Abro, A.G.; Tunio, M.A.; Khatri, K.L.; Shahid, M. Challenges and Potentials of Implementing a Smart Grid for Pakistan’s Electric Network. Energy Strat. Rev. 2022, 43, 100941.
  20. Mihal, P.; Schvarcbacher, M.; Rossi, B.; Pitner, T. Smart Grids Co-Simulations: Survey & Research Directions. Sustain. Comput. Inform. Syst. 2022, 35, 100726.
  21. López, G.; Moura, P.; Moreno, J.; Camacho, J. Multi-Faceted Assessment of a Wireless Communications Infrastructure for the Green Neighborhoods of the Smart Grid. Energies 2014, 7, 3453–3483.
  22. Kermani, M.; Adelmanesh, B.; Shirdare, E.; Sima, C.A.; Carnì, D.L.; Martirano, L. Intelligent Energy Management Based on SCADA System in a Real Microgrid for Smart Building Applications. Renew. Energy 2021, 171, 1115–1127.
  23. Neis, P.; Wehrmeister, M.A.; Mendes, M.F.; Pesente, J.R. Applying a Model-Driven Approach to the Development of Power Plant SCADA/EMS Software. Int. J. Electr. Power Energy Syst. 2023, 153, 109336.
  24. Shokry, M.; Awad, A.I.; Abd-Ellah, M.K.; Khalaf, A.A.M. Systematic Survey of Advanced Metering Infrastructure Security: Vulnerabilities, Attacks, Countermeasures, and Future Vision. Future Gener. Comput. Syst. 2022, 136, 358–377.
  25. Mohsenian-Rad, H. Smart Grid Sensors: Principles and Applications; Cambridge University Press: Cambridge, UK, 2022.
  26. Nengroo, S.H.; Jin, H.; Lee, S. Management of Distributed Renewable Energy Resources with the Help of a Wireless Sensor Network. Appl. Sci. 2022, 12, 6908.
  27. Dorji, S.; Stonier, A.A.; Peter, G.; Kuppusamy, R.; Teekaraman, Y. An Extensive Critique on Smart Grid Technologies: Recent Advancements, Key Challenges, and Future Directions. Technologies 2023, 11, 81.
  28. Wang, Q.; Zhang, G.; Wen, F. A Survey on Policies, Modelling and Security of Cyber-physical Systems in Smart Grids. Energy Convers. Econ. 2021, 2, 197–211.
  29. Yu, X.; Xue, Y. Smart Grids: A Cyber–Physical Systems Perspective. Proc. IEEE Inst. Electr. Electron. Eng. 2016, 104, 1058–1070.
  30. Alavikia, Z.; Shabro, M. A Comprehensive Layered Approach for Implementing Internet of Things-Enabled Smart Grid: A Survey. Digit. Commun. Netw. 2022, 8, 388–410.
  31. Li, J.; Herdem, M.S.; Nathwani, J.; Wen, J.Z. Methods and Applications for Artificial Intelligence, Big Data, Internet of Things, and Blockchain in Smart Energy Management. Energy AI 2023, 11, 100208.
  32. Szczepaniuk, H.; Szczepaniuk, E.K. Applications of Artificial Intelligence Algorithms in the Energy Sector. Energies 2022, 16, 347.
  33. Gallo, G.D.; Micucci, D. Internet of Medical Things Systems Review: Insights into Non-Functional Factors. Sensors 2025, 25, 2795.
  34. Szczepaniuk, E.K.; Szczepaniuk, H. Analysis of Cybersecurity Competencies: Recommendations for Telecommunications Policy. Telecomm. Policy 2022, 46, 102282.
  35. Hueros-Barrios, P.J.; Rodríguez Sánchez, F.J.; Martín, P.; Jiménez, C.; Fernández, I. Addressing the Cybersecurity Vulnerabilities of Advanced Nanogrids: A Practical Framework. Internet Things 2022, 20, 100620.
  36. Nejabatkhah, F.; Li, Y.W.; Liang, H.; Reza Ahrabi, R. Cyber-Security of Smart Microgrids: A Survey. Energies 2021, 14, 27.
  37. Yang, T.; Liu, Y.; Li, W. Attack and Defence Methods in Cyber-physical Power System. IET Energy Syst. Integr. 2022, 4, 159–170.
  38. European Union Agency for Cybersecurity; Lella, I.; Theocharidou, M.; Tsekmezoglou, E.; Svetozarov Naydenov, R.; Ciobanu, C.; Malatras, A. ENISA Threat Landscape 2022: July 2021 to July 2022. 2022. Available online: https://data.europa.eu/doi/10.2824/764318 (accessed on 8 July 2025).
  39. European Union Agency for Cybersecurity; Mattioli, R.; Malatras, A.; Hunter, E.N.; Biasibetti Penso, M.G.; Bertram, D.; Neubert, I. Identifying Emerging Cybersecurity Threats and Challenges for 2030. 2023. Available online: https://data.europa.eu/doi/10.2824/117542 (accessed on 8 July 2025).
  40. Liang, G.; Zhao, J.; Luo, F.; Weller, S.R.; Dong, Z.Y. A Review of False Data Injection Attacks against Modern Power Systems. IEEE Trans. Smart Grid 2017, 8, 1630–1638.
  41. Reda, H.T.; Anwar, A.; Mahmood, A. Comprehensive Survey and Taxonomies of False Data Injection Attacks in Smart Grids: Attack Models, Targets, and Impacts. Renew. Sustain. Energy Rev. 2022, 163, 112423.
  42. Boeding, M.; Boswell, K.; Hempel, M.; Sharif, H.; Lopez, J., Jr.; Perumalla, K. Survey of Cybersecurity Governance, Threats, and Countermeasures for the Power Grid. Energies 2022, 15, 8692.
  43. Tellbach, D.; Li, Y.F. A survey on the cyber-security of distributed generation systems. In Safety and Reliability—Theory and Applications; Čepin, M., Briš, R., Eds.; CRC Press/Balkema: Leiden, The Netherlands, 2017; pp. 83–90.
  44. Wlazlo, P.; Sahu, A.; Mao, Z.; Huang, H.; Goulart, A.; Davis, K.; Zonouz, S. Man-in-the-middle Attacks and Defence in a Power System Cyber-physical Testbed. IET Cyber-Phys. Syst. Theory Appl. 2021, 6, 164–177.
  45. Khalil, S.M.; Bahsi, H.; Dola, H.O.; Korõtko, T.; McLaughlin, K.; Kotkas, V. Threat Modeling of Cyber-Physical Systems—A Case Study of a Microgrid System. Comput. Secur. 2023, 124, 102950.
  46. Abdulsalam, Y.S.; Hedabou, M. Security and Privacy in Cloud Computing: Technical Review. Future Internet 2021, 14, 11.
  47. Sousa-Dias, D.; Amyot, D.; Rahimi-Kian, A.; Bashari, M.; Mylopoulos, J. Cyclic Homomorphic Encryption Aggregation (CHEA)—A Novel Approach to Data Aggregation in the Smart Grid. Energies 2024, 17, 878.
  48. Deng, S.; Cui, S.; Xu, A. Power Prediction of Regional Photovoltaic Power Stations Based on Meteorological Encryption and Spatio-Temporal Graph Networks. Energies 2024, 17, 3557.
  49. Zhang, J.; He, B.; Lv, J.; Zhao, C.; Yu, G.; Liu, D. Research on Grid Multi-Source Survey Data Sharing Algorithm for Cross-Professional and Cross-Departmental Operations Collaboration. Energies 2024, 17, 4380.
  50. Yaacoub, J.P.A.; Noura, H.N.; Salman, O.; Chahine, K. Toward Secure Smart Grid Systems: Risks, Threats, Challenges, and Future Directions. Future Internet 2025, 17, 318.
  51. Kazmi, S.H.A.; Hassan, R.; Qamar, F.; Nisar, K.; Ibrahim, A.A.A. Security Concepts in Emerging 6G Communication: Threats, Countermeasures, Authentication Techniques and Research Directions. Symmetry 2023, 15, 1147.
  52. Khan, A.A.; Kumar, V.; Ahmad, M. An Elliptic Curve Cryptography Based Mutual Authentication Scheme for Smart Grid Communications Using Biometric Approach. J. King Saud Univ. Comput. Inf. Sci. 2022, 34, 698–705.
  53. AlJanah, S.; Zhang, N.; Tay, S.W. Optimizing Group Multi-Factor Authentication for Secure and Efficient IoT Device Communications. Cryptography 2025, 9, 35.
  54. Hafeez, M.A.; Shakib, K.H.; Munir, A. A Secure and Scalable Authentication and Communication Protocol for Smart Grids. J. Cybersecur. Priv. 2025, 5, 11.
  55. Zhonghua, C.; Goyal, S.B.; Rajawat, A.S. Smart Contracts Attribute-Based Access Control Model for Security & Privacy of IoT System Using Blockchain and Edge Computing. J. Supercomput. 2024, 80, 1396–1425.
  56. Sarfaraz, A.; Chakrabortty, R.K.; Essam, D.L. AccessChain: An Access Control Framework to Protect Data Access in Blockchain Enabled Supply Chain. Future Gener. Comput. Syst. 2023, 148, 380–394.
  57. Bakhtiary, V.; Mirabi, M.; Salajegheh, A.; Erfani, S.H. Combo-Chain: Towards a Hierarchical Attribute-Based Access Control System for IoT with Smart Contract and Sharding Technique. Internet Things 2024, 25, 101080.
  58. Kim, H.; Choi, J. Intelligent Access Control Design for Security Context Awareness in Smart Grid. Sustainability 2021, 13, 4124.
  59. Chatterjee, T.; Biswas, S.; Shil, S.; Purkait, P.; Ghosh, P. Enhancement of Data Security Scheme with Cryptography Training System in Smart Grid Network. In Proceedings of the 2023 IEEE 3rd Applied Signal Processing Conference (ASPCON), Haldia, India, 24–25 November 2023; IEEE 2023.
  60. Pavithra, L.; Rekha, D. Prevention of Replay Attack for Isolated Smart Grid. In Next Generation Information Processing System; Advances in Intelligent Systems and Computing; Deshpande, P., Abraham, A., Iyer, B., Ma, K., Eds.; Springer: Singapore, 2021; pp. 251–258.
  61. Ferreira, J.C. Bridging the Gaps: Future Directions for Blockchain and IoT Integration in Smart Grids. Energies 2025, 18, 772.
  62. Shamaseen, A.; Qatawneh, M.; Elshqeirat, B. Smart Grid System Based on Blockchain Technology for Enhancing Trust and Preventing Counterfeiting Issues. Energies 2025, 18, 3523.
  63. Hamdi, N. A Hybrid Learning Technique for Intrusion Detection System for Smart Grid. Sustain. Comput. Inform. Syst. 2025, 46, 101102.
  64. Wu, Y.; Zang, Z.; Zou, X.; Luo, W.; Bai, N.; Xiang, Y.; Li, W.; Dong, W. Graph Attention and Kolmogorov-Arnold Network Based Smart Grids Intrusion Detection. Sci. Rep. 2025, 15, 8648.
  65. Wen, M.; Zhang, Y.; Zhang, P.; Chen, L. IDS-DWKAFL: An Intrusion Detection Scheme Based on Dynamic Weighted K-Asynchronous Federated Learning for Smart Grid. J. Inf. Secur. Appl. 2025, 89, 103993.
  66. Gaggero, G.B.; Girdinio, P.; Marchese, M. Artificial Intelligence and Physics-Based Anomaly Detection in the Smart Grid: A Survey. IEEE Access 2025, 13, 23597–23606.
  67. Jia, X.; Xia, Y.; Yan, Z.; Gao, H.; Qiu, D.; Guerrero, J.M.; Li, Z. Coordinated Operation of Multi-Energy Microgrids Considering Green Hydrogen and Congestion Management via a Safe Policy Learning Approach. Appl. Energy 2025, 401, 126611.
  68. Tiwari, R.S.; Sharma, J.P.; Gupta, O.H.; Ahmed Abdullah Sufyan, M. Extension of Pole Differential Current Based Relaying for Bipolar LCC HVDC Lines. Sci. Rep. 2025, 15, 16142.
  69. Alhashmi, A.; Idwaib, H.; Avci, S.A.; Rahebi, J.; Ghadami, R. Distributed Denial-of-Service (DDoS) on the Smart Grids Based on VGG19 Deep Neural Network and Harris Hawks Optimization Algorithm. Sci. Rep. 2025, 15, 18243.
  70. Mohamed, M.V.O.; Abdelaziz, A.Y.; Abo-Elyousr, F.K. Blockchain-Based Approach for Load Frequency Control of Smart Grids under Denial-of-Service Attacks. Comput. Electr. Eng. 2024, 116, 109150.
  71. Laszka, A.; Abbas, W.; Vorobeychik, Y.; Koutsoukos, X. Integrating Redundancy, Diversity, and Hardening to Improve Security of Industrial Internet of Things. Cyber-Phys. Syst. 2019, 6, 1–32.
  72. Jimada-Ojuolape, B.; Teh, J.; Lai, C.-M. Enhancing Power Grid Reliability with PMU Placement in Flexibly Rated Cyber-Physical Systems. Electric Power Syst. Res. 2025, 241, 111327.
  73. Sheeraz, M.; Durad, M.H.; Paracha, M.A.; Mohsin, S.M.; Kazmi, S.N.; Maple, C. Revolutionizing SIEM Security: An Innovative Correlation Engine Design for Multi-Layered Attack Detection. Sensors 2024, 24, 4901.
  74. Ali, G.; Shah, S.; ElAffendi, M. Enhancing Cybersecurity Incident Response: AI-Driven Optimization for Strengthened Advanced Persistent Threat Detection. Results Eng. 2025, 25, 104078.
  75. Kodituwakku, A.; Gregor, J. InMesh: A Zero-Configuration Agentless Endpoint Detection and Response System. Electronics 2025, 14, 1292.
  76. Pitkar, H. Cloud Security Automation through Symmetry: Threat Detection and Response. Symmetry 2025, 17, 859.
  77. Ismail; Kurnia, R.; Brata, Z.A.; Nelistiani, G.A.; Heo, S.; Kim, H.; Kim, H. Toward Robust Security Orchestration and Automated Response in Security Operations Centers with a Hyper-Automation Approach Using Agentic Artificial Intelligence. Information 2025, 16, 365.
  78. Guo, W.; Zhang, Z.; Chang, L.; Song, Y.; Yin, L. A DDoS Tracking Scheme Utilizing Adaptive Beam Search with Unmanned Aerial Vehicles in Smart Grid. Drones 2024, 8, 437.
  79. Alomari, M.A.; Al-Andoli, M.N.; Ghaleb, M.; Thabit, R.; Alkawsi, G.; Alsayaydeh, J.A.J.; Gaid, A.S.A. Security of Smart Grid: Cybersecurity Issues, Potential Cyberattacks, Major Incidents, and Future Directions. Energies 2025, 18, 141.
Figure 1. Smart Grid Architecture. Source: Own work.
Figure 2. Holistic Cybersecurity Framework for Smart Grids. Source: Own work.
Table 1. Smart grid cybersecurity countermeasures and safeguards.
| Cybersecurity Measures and Safeguards | Specific Solutions | Challenges and Barriers | Addressing Challenges and Barriers |
|---|---|---|---|
| Security policies and procedures | implementing compliance policies, developing incident response plans, implementing data protection and privacy policies | insufficient implementation in real business scenarios, inconsistent procedures | regular internal audits, updating policies and procedures, establishment of dedicated working teams |
| Risk management | developing a risk management framework based on standards such as the NIST Cybersecurity Framework or ISO/IEC 27001 | difficulty identifying risks due to the distributed and heterogeneous smart grid environment | infrastructure mapping, expert support |
| Cybersecurity education campaigns for clients | awareness campaigns, distance learning, webinars with experts, films and educational materials | high cost, lack of customer engagement | implementation of e-learning methods, personalization of educational content for specific target groups |
| Employee cybersecurity training | initial training, periodic supplementary training, practical workshops, continuous improvement of awareness, knowledge and skills | low efficiency reflected in real knowledge and skills, varied level of technical knowledge of employees | using activating forms and methods of education, personalizing educational content for specific groups of employees |
| Access management | DAC, RBAC, ABAC | complexity of access management; difficulty maintaining access policies for multiple users, locations, and devices; potential performance issues | implementation of automated access management mechanisms, use of edge computing and cloud systems |
| IDS/IPS systems | Snort, Suricata, Bro/Zeek | difficulties in detecting anomalies, false alarms, integration problems | optimization of signatures and rules for smart grid, implementation of IDS/IPS based on machine learning, standardization of protocols |
| Data encryption at rest | SQLCipher, Cryptsetup, VeraCrypt, dm-crypt/LUKS, GnuPG, OpenSSL | complexity of key management, risk of data loss after key loss, impact on performance | key management automation, emergency key recovery procedures |
| Blockchain technology | public and private blockchains, smart contracts | high demand for computing power of PoW algorithms, performance limitations, high costs, lack of standards and guidelines for smart grids | use of energy-efficient consensus algorithms, standardization of solutions, use of open source technologies |
| SIEM, EDR, and SOAR systems | Wazuh, TheHive, OSSIM, ELK Stack, Graylog, Shuffle, Cortex | limitations in installing EDR agents, integration problems in OT networks | agentless EDR systems, adapted to the specific needs of OT |
| Redundancy and diversity | hardware, software, communication and data solutions | high implementation and maintenance costs | selecting critical infrastructure elements using risk analysis |
| Transmission encryption | DNP3 with encryption, TLS/SSL, IPSec, VPN, MQTT-S, CoAP with DTLS, LoRaWAN, ECC | limited computing power of edge devices | use of lightweight encryption protocols, use of Hardware Security Modules |
| Device and user authentication | MFA, CBA, and FA authentication | difficult integration with OT systems | use of industrial versions of authorization protocols |
| Network segmentation | VLAN, VPN | possible impact on system performance, management difficulties | implementation of network mechanisms ensuring traffic quality, management automation |
| Network traffic filtering | Firewalls, packet filtering, and traffic analysis: iptables, pf (BSD), pfSense, Wireshark, tcpdump | possible impact on performance in real-time systems | optimizing rules for industrial protocols and smart grid network traffic |
| Load balancing | HAProxy, Traefik, Seesaw, Balance, MetalLB | complexity of managing dynamic network load | AI algorithms for adaptive load management |
| Physical security | physical security of end devices, security of access to critical infrastructure, monitoring and surveillance systems, environmental security | infrastructure dispersion, vulnerability to infrastructure sabotage | AI-based early incident detection systems |
| Data encryption on end devices | AES, RSA, ECC algorithms, datagram TLS, noise Protocol, Hardware Security Modules, post-quantum encryption algorithms | limited computing power of end devices | use of lightweight encryption algorithms dedicated to embedded devices, use of hardware modules dedicated to encryption |
| Integrity verification | HMAC-MD5, HMAC-SHA2, HMAC-SHA3 | MD5 collision potential, SHA2 and SHA3 require more computing power | optimization of the SHA2/SHA3 algorithm for low-performance end devices |
Source: Own work.