Review

Toward Secure Smart Grid Systems: Risks, Threats, Challenges, and Future Directions

by Jean Paul A. Yaacoub 1, Hassan N. Noura 1,*, Ola Salman 2 and Khaled Chahine 3
1 Institut FEMTO-ST, CNRS, IUT-NFC, Université Marie et Louis Pasteur, F-90000 Belfort, France
2 DeepVu, Berkeley, CA 94704, USA
3 College of Engineering and Technology, American University of the Middle East, Egaila 54200, Kuwait
* Author to whom correspondence should be addressed.
Future Internet 2025, 17(7), 318; https://doi.org/10.3390/fi17070318
Submission received: 9 June 2025 / Revised: 30 June 2025 / Accepted: 9 July 2025 / Published: 21 July 2025
(This article belongs to the Special Issue Secure Integration of IoT and Cloud Computing)

Abstract

The evolution of electrical power systems into smart grids has brought about significant advancements in electricity generation, transmission, and utilization. These cutting-edge grids have shown potential as an effective way to maximize energy efficiency, manage resources effectively, and enhance overall reliability and sustainability. However, with the integration of complex technologies and interconnected systems inherent to smart grids comes a new set of safety and security challenges that must be addressed. First, this paper provides an in-depth review of the key considerations surrounding safety and security in smart grid environments, identifying potential risks, vulnerabilities, and challenges associated with deploying smart grid infrastructure within the context of the Internet of Things (IoT). In response, we explore both cryptographic and non-cryptographic countermeasures, emphasizing the need for adaptive, lightweight, and proactive security mechanisms. As a key contribution, we introduce a layered classification framework that maps smart grid attacks to affected components and defense types, providing a clearer structure for analyzing the impact of threats and responses. In addition, we identify current gaps in the literature, particularly in real-time anomaly detection, interoperability, and post-quantum cryptographic protocols, thus offering forward-looking recommendations to guide future research. Finally, we present the Multi-Layer Threat-Defense Alignment Framework, a unique addition that provides a methodical and strategic approach to cybersecurity planning by aligning smart grid threats and defenses across architectural layers.

1. Introduction

Smart grids are sophisticated, interconnected electrical power systems that incorporate cutting-edge modern technologies, such as sensors, smart meters, cyber–physical systems (CPSs), IoT devices, and control systems via communication networks to improve the availability, operability, sustainability, reliability, and efficiency of electrical transmission and distribution. One of their key benefits is improving energy management and grid resilience by implementing eco-friendly systems that produce the needed electricity with low carbon emissions. Smart grids have many benefits. However, there are always new safety and security concerns and challenges, mainly due to the smart grid’s complex connectivity. This makes smart grids vulnerable to a wide range of cyber–physical attacks, including malware infections, unauthorized access, security breaches, Distributed Denial-of-Service (DDoS) attacks, and False Data Injection (FDI) attacks. These attacks can result in power outages, disruptions, or interruptions of vital infrastructure services, or even physical harm. As a result, robust security measures are essential to protect the infrastructure of any smart grid, including access controls, encryption, intrusion detection, risk assessments, vulnerability testing, and incident response plans, to effectively identify and mitigate these potential threats. Safety is another issue surrounding the smart grid critical infrastructure and requires mitigating risks associated with physical hazards, electrical accidents, aging equipment, and operational failures. Maintaining safety requires regular safety checks, constant updates, compliance, and thorough risk assessments. Therefore, prioritizing smart grid safety and security can ensure the reliability, resilience, and trustworthiness of renewable energy sources, facilitating the adoption of sustainable and efficient future electrical power systems. 
This is particularly true, given that the smart grid system represents a major technological advancement that addresses the challenges of updating the electrical grid and meeting the demands of an expanding population. The Multi-Layer Threat-Defense Alignment Framework (MLTDAF), presented in this article as a unique contribution, maps threats and corresponding defenses to each architectural layer of the smart grid, thereby bridging the gap between current attack categories and actual implementation. This framework offers a scalable and dynamic model to inform the design of security architectures and threat mitigation strategies.
Traditional power grids have evolved into intelligent, data-driven infrastructures that enhance sustainability, efficiency, and reliability due to the increasing adoption of smart grid systems. To gather and share vast amounts of data in almost real time, these systems primarily rely on sophisticated sensors, communication, and computational capabilities, particularly in smart metering applications. However, this increased data availability raises additional privacy concerns, specifically around consumer behavior profiling, location monitoring, and unauthorized access to personal energy usage habits. These flaws leave the system vulnerable to wider cybersecurity risks in addition to data breaches. This paper emphasizes strategic, evidence-based analysis of high-risk attack vectors to support more focused security architectures. As a result, the purpose of this study is to investigate the state of cybersecurity in smart grids through an analysis of the latest developments in secure communication protocols, cryptography techniques, and anomaly detection systems. To provide a deep understanding of the existing solutions, their challenges, and the potential for future research in creating a safe and privacy-aware smart grid environment, special attention is paid to AI/ML-based approaches, embedded technologies, and cryptographic techniques.

1.1. Problem Formulation

Despite the presence of various cryptography- and non-cryptography-based algorithms, protocols, and solutions, the components of a smart grid remain exposed to security threats and vulnerabilities. Therefore, it is essential to continually monitor these systems and devices to enhance safety and security by developing new security standards, strategies, and technologies, particularly those based on machine learning, and by introducing tamper-resistant equipment to ensure protection against physical attacks. Moreover, as renewable energy sources are being integrated into the smart grid domain, protecting and securing them will protect not only the grid but also the environment by helping to combat climate change [1].

1.2. Motivation and Contributions

Considering the crucial role smart grid systems play in controlling essential infrastructure, any compromise in their security or system failure can have severe consequences for public safety and security. Besides causing physical damage, such incidents can also lead to significant harm and loss of life for individuals. Therefore, it is crucial to address these risks by identifying and understanding various threats, vulnerabilities, and attacks that would jeopardize the smart grid’s stability and security. Recognizing the need for enhanced security measures, this work focuses on developing a comprehensive list detailing these threats, aiming to safeguard data integrity and privacy within the smart grid domain. This requires protecting sensitive information from unauthorized access or exploitation, which is crucial in preventing identity theft and data leaks. In particular, this work contributes to the security and safety of smart grids by achieving the following security objectives, which must be integrated into smart grid systems and devices to accomplish the required protection and prevention against cyber–physical risks and attacks:
  • Maintaining Security Goals: It is essential to maintain availability by avoiding interruptions to power supplies and disruptions to supply chain integrity. This can be achieved by maintaining secure communication networks and channels, as well as ensuring confidentiality by protecting users’ data and implementing privacy-preserving measures.
  • Advanced Security Analysis: By presenting the most prominent security threats, vulnerabilities, attacks, and challenges, as well as the impact and risk of the occurrence of these attacks, especially against the smart grid’s critical infrastructure.
  • Automated Security Measures: By presenting several types of reactive and preventive security measures and countermeasures and analyzing them to show how large and hybrid smart grid systems and devices are protected.
  • Dynamic Study: By studying and analyzing both cryptography and non-cryptography solutions that maintain the security and resiliency properties of smart grid systems.
This work selectively emphasizes the most impactful and under-addressed threats in the literature, thereby prioritizing actionable insights for researchers and system designers.

1.3. Related Work

This subsection provides a concise summary of each study’s key findings and contributions, offering a broad overview of the current state of smart grid cybersecurity research. Our work contributes to the evolving field of smart grid cybersecurity, building upon the foundational insights provided by recent surveys and reviews. While Ding et al. [2] categorize cyber threats and propose future research directions, Sahani et al. [3] explore machine-learning-based intrusion detection. In contrast to Mohassel et al. [4], who focus on the integration of advanced metering infrastructure (AMI), our study also focuses on novel security protocols for real-time data protection. Addressing gaps identified by Lazaro et al. [5] regarding communication vulnerabilities, we propose adaptive encryption techniques to enhance system resilience. Moreover, unlike Jokar et al. [6], who emphasize data privacy challenges, our research integrates robust encryption algorithms to safeguard sensitive information. Building on Tufail et al.’s [7] mitigation strategies, our approach leverages machine learning for anomaly detection, enhancing proactive defense mechanisms. Finally, similar to Nafees et al. [8], we emphasize cyber–physical situational awareness, innovating in response strategies to combat sophisticated operational technology attacks. In summary, our study presents an updated and advanced version of smart grid cybersecurity, integrating cutting-edge technologies and methodologies to address emerging threats and vulnerabilities. It distinguishes itself by offering a targeted synthesis of the most pressing threats in contrast to broader surveys, which often dilute technical specificity.

1.4. Organization

The remainder of the paper is structured as follows. Section 2 presents the background, which covers the application of the smart grid in IoT, the advantages of smart grid technology, and the various types of smart grid communication. Section 3 highlights and analyzes the limitations and challenges of the smart grid. Section 4 lists and discusses the smart grid’s threats and vulnerabilities. In Section 5, the most prominent smart grid security attacks are presented and analyzed, identifying their types and sources. In Section 6, the smart grid’s risks are identified, assessed, evaluated, and mitigated. In Section 7, the existing security solutions are presented and analyzed, including cryptographic and non-cryptographic solutions, as well as forensics, ethical hacking, Generative Adversarial Networks (GANs), and Large Language Model (LLM)-based security and privacy solutions. Section 8 presents the proposed framework. Section 9 gives the recommendations and the lessons learned. Section 10 offers insights into the future research directions. Finally, Section 11 concludes this work.

2. Background and Preliminaries

The IoT integrates smart grids, since modern electrical networks rely on digital communication technologies and devices to collect and analyze data in real time. This integration, depicted in Figure 1, enables energy suppliers to facilitate the grid integration of renewable sources, allowing for real-time control and monitoring of energy consumption and usage [9]. It enhances their energy management through informed decision-making, improving the grid’s resiliency and reliability while reducing consumer costs [10]. In this section, the application of the smart grid in IoT is presented, along with the advantages of smart grid technology and the most commonly used communication types.

2.1. Smart Grid Application in IoT

The integration of smart grids with the IoT is achieved by deploying sophisticated sensors, smart meters, and linked devices that provide bi-directional communication and complete, real-time monitoring throughout the electrical grid. IoT devices gather detailed information about grid health, voltage levels, and energy usage. This information is sent to centralized SCADA systems for analysis and decision-making via protocols such as Message Queuing Telemetry Transport (MQTT) and Constrained Application Protocol (CoAP). Demand response optimization, accurate load balancing, and the smooth integration of distributed energy resources (DERs) like wind turbines and solar panels are all made possible by this integration. Furthermore, IoT-enabled smart grids utilize machine learning algorithms for anomaly detection and predictive maintenance, enhancing grid resilience and dependability by anticipating and addressing potential errors or inefficiencies [11]. One important IoT application is the smart grid, which can be used in several IoT domains. Figure 2 shows examples where a smart grid is integrated into the IoT domain to improve its energy efficiency and maintain its sustainability and availability while reducing carbon emissions and energy costs.
The integration of IoT into the smart grid transforms traditional power systems into intelligent, efficient, and resilient networks as described in Table 1. It empowers utilities and consumers with real-time information and control, facilitates the integration of renewable energies, and enhances the overall performance and sustainability of the energy ecosystem while reducing carbon emissions and energy costs. The application in IoT presents several advantages, which are outlined below.

2.2. Advantages of Smart Grid Technology

Incorporating smart grid technology in the IoT domain brings a variety of advantages that boost the Industrial IoT domain, especially with the quick shift from Industry 4.0 to Industry 5.0 [12,13,14,15]. Some of these advantages are listed in Table 2. These advantages are categorized into different classes, each representing a distinct aspect of smart grid improvement. The descriptions outline the key features and benefits associated with each class, including aspects such as energy management, asset management, reliability, efficiency, renewable energy integration, grid planning, safety and security, electric vehicle (EV) integration, modernized technologies, real-time detection and isolation, network performance, and energy distribution. This classification helps organize and understand the various ways smart grid technology can be enhanced to improve energy management, grid reliability, and overall performance. Next, the well-known types of smart grid-related communication are presented.

2.3. Smart Grid Communications

Smart grids use different communication types to ensure efficient and reliable data exchange [16] and fulfill security requirements [17]. In addition, smart grids utilize various technologies to connect home appliances with smart meters, enabling the identification of power consumption and the transmission of details to the server for calculations and billing [18]. Smart grids also use two-way communications to maintain connectivity between their different components, including digital technologies, advanced sensing meters, and critical infrastructure [19], and to offer improved, secure, and safe optimization and operation of all of these components, including generation, transmission, distribution, and stakeholders [20,21]. Table 3 presents a set of possible communication types and technologies that can be employed in smart grids. In the next section, the main limitations of smart grids are presented and discussed, including both security-related and non-security-related challenges.

2.4. Mapping IoT Technologies

The Smart Grid Architecture Model (SGAM) [25] organizes a smart grid into five domains: DER, Generation, Transmission, Distribution, and Customer Premises (see Table 4), as well as several interoperability layers, including the Component, Communication, Information, Function, and Business layers [26]. The Customer Premises and DER domains, where smart meters, home energy management systems, and local controllers are frequently installed, are where IoT technologies are primarily incorporated in this context. Lightweight communication technologies, such as MQTT, CoAP, and Zigbee, are typically supported by these domains. The Transmission and Distribution domains [27], on the other hand, still largely rely on conventional SCADA systems and industrial communication standards, such as IEC 61850 [28], Modbus [29] and DNP3 [30], where flexibility is often subordinated to real-time performance and deterministic communication. This domain-specific perspective helps to steer the right technology selection and prevent overgeneralization by enabling a more accurate mapping of IoT applications in smart grids [31].

Smart Grid Interoperability Layers

SGAM establishes a tiered structure to facilitate the smooth integration and interoperability of various smart grid components and services (see Table 5). The component, communication, information, function, and business layers are the five main layers of this architecture. Together, these layers facilitate the integration of IoT technologies at both the strategic and operational levels of the smart grid, each playing a distinct role in providing safe, scalable, and standards-compliant grid operations.
  • The component layer comprises the hardware assets and physical equipment that make up the smart grid, including substations, sensors, smart meters, control units, and DER components [32]. It provides real-time data capture and control by establishing the physical infrastructure on which IoT devices function. Since physical tampering or malfunction might cause the entire system to malfunction, it is imperative to provide security and resilience at this layer.
  • The communication layer specifies the communication technologies, networking protocols, and media (both wired and wireless) used to transfer data throughout the grid [26]. Protocols such as IEC 61850, DNP3, Modbus, Zigbee, and LTE are widely used, depending on the domain and application. This layer is crucial to IoT technologies as it enables low-latency, secure, and dependable data flow between systems and devices.
  • The information layer manages the syntactic rules, semantics, and data models that organize and interpret the data that is transferred [33]. It guarantees that information from various devices and fields is consistent, comprehensible, and useful for processing. This layer is essential to enabling analytics and machine-to-machine interoperability in an IoT-enabled smart grid.
  • The function layer reflects the application logic and services, such as demand-response functions, forecasting, control algorithms, and grid monitoring, that use data to make operational decisions [34]. It connects unprocessed data with useful procedures, frequently with the help of AI/ML models for optimization. IoT integration provides automation and distributed intelligence at the grid’s edge.
  • Finally, the business layer addresses the strategic, financial, and regulatory aspects of smart grid operations, including energy trading, billing, stakeholder relations, and compliance [35]. It analyzes information and performs tasks related to generating value and providing services. This layer is enhanced by IoT, which facilitates new business models such as dynamic pricing, real-time service adaptation, and prosumer energy exchange.

2.5. Smart-Grid-Based Cybersecurity Standards

The integration of demand response systems, DERs, and two-way communication infrastructures has a growing impact on the cybersecurity posture of contemporary power systems (see Table 6). International regulatory organizations have established and upheld a number of technical standards to guarantee safe and dependable functioning. This subsection examines the most common cybersecurity frameworks and standards that regulate the security of smart grids, emphasizing how they are used in controllable and dispersed settings.
Table 4. Smart grid domains and IoT integration.

| Domain | Role | IoT Use Level | Protocol Examples | Use Cases | Key Characteristics | Advantages | Limitations | Drawbacks | Mitigation |
|---|---|---|---|---|---|---|---|---|---|
| DERs | Decentralized generation and storage; enhances resilience and flexibility | High | MQTT, CoAP, 6LoWPAN | Real-time DER monitoring and control; grid balancing | Decentralized, bidirectional, edge-driven | Enhances grid resilience and energy independence | Complex coordination and data management | High integration cost; intermittency issues | Use of edge AI and robust data standards |
| Distributed Power Generation | Centralized electricity production for large-scale supply | Moderate | Modbus, DNP3 | Predictive maintenance, integration of renewables | Centralized, high-output, time-sensitive | Increases efficiency and integrates renewables | Legacy systems hinder modernization | Inflexibility; high maintenance needs | Gradual digital retrofitting, hybrid systems |
| Distributed Power Transmission | High-voltage electricity transmission across regions | Low | IEC 61850, SNMP | Grid health monitoring, fault localization | High-voltage, wide-area, latency-sensitive | Improves reliability and real-time decision-making | Low IoT penetration and high security risk | Cyberattack vulnerability; signal delays | Implement secure protocols and redundant links |
| Power Distribution | Medium/low-voltage electricity delivery to end-users | Moderate-High | DLMS/COSEM, IEEE 802.15.4 [36] | Outage management; automated reconfiguration | Dynamic, distributed, consumer-near | Reduces outage durations and supports automation | Scalability and communication reliability issues | Infrastructure upgrade cost; fragmented standards | Mesh networking; standardized frameworks |
| Customer Premises | End-user interaction, consumption monitoring, and demand response | Very High | ZigBee, Wi-Fi, LoRaWAN | Smart metering; energy efficiency feedback | User-centric, high data granularity | Empowers consumers and reduces peak load | Privacy concerns and data overload | User resistance, variable connectivity | Data anonymization and user-centric designs |
Table 5. Smart grid interoperability layers.

| Layer | Description | Role | IoT Use Level | Domain(s) | Examples | Use Cases | Key Characteristics | Advantages | Limitations | Drawbacks | Mitigation |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Component | Represents the physical devices (sensors, actuators, smart meters, etc.) involved in the smart grid | Enables monitoring and control through data acquisition | High | All smart grid domains | Smart meters, sensors, actuators | Load monitoring, outage detection | Physical, hardware-centric, low latency | Enables real-time data collection and action | Device tampering, hardware faults | Requires secure deployment and maintenance | Use tamper-resistant designs, regular inspections |
| Communication | Focuses on the data exchange mechanisms and communication technologies used between components | Ensures reliable, real-time communication across grid infrastructure | High | All smart grid domains | Zigbee, Wi-Fi, 5G, LoRaWAN | Demand response, meter reading | Real-time, scalable, heterogeneous | Facilitates low-latency, high-throughput communication | Susceptibility to cyberattacks, protocol mismatch | Requires strong encryption/authentication schemes | Adopt end-to-end encryption, protocol harmonization |
| Information | Deals with the semantics and formats of the data being exchanged between systems | Guarantees consistency and interoperability of exchanged data | Moderate | All smart grid domains | CIM (Common Information Model), XML, JSON | Data sharing between grid entities | Semantic consistency, interoperability | Supports efficient data integration and sharing | Semantic gaps, data format inconsistencies | High complexity in standard adoption | Standardize data formats, middleware solutions |
| Function | Includes control logic, services, and functionalities that enable smart grid operations | Provides decision-making and automation in grid operations | Moderate | DER, Distribution | SCADA logic, distributed control systems | Voltage regulation, predictive maintenance | Rule-based, autonomous, service-oriented | Improves grid automation and responsiveness | Complexity in logic design and coordination | Difficult to update in distributed environments | Employ AI-based monitoring and self-healing systems |
| Business | Encompasses market and policy aspects, business models, and regulatory requirements | Aligns business goals and strategies with technical operations | Low | Business Layer | Regulatory policies, pricing algorithms | Dynamic pricing, energy trading | Policy-driven, decision-supportive | Aligns technical and business goals | Slow adaptation to tech changes | Dependent on external policy evolution | Integrate flexible, modular policy management |
Table 6. Cybersecurity standards for smart grids.

| Standard | Purpose and Focus | Integration in Smart Grids | Security Domains | Advantages | Limitations | Key Challenges | Suggested Improvements |
|---|---|---|---|---|---|---|---|
| NERC CIP [37] | Cybersecurity enforcement for Bulk Electric Systems (BESs), central systems | Applied to centralized control systems, limited DER coverage | Policies, access control, system configuration, perimeter security | Regulatory mandate; detailed protection directives | Limited edge-device or DER support | Adapting to dynamic and distributed architectures | Expand scope to include DERs and demand-response systems |
| IEEE 2030 [38] | Layered cybersecurity architecture, modular deployment, and interoperability | Supports microgrids, DERs, EVs, and energy storage systems | Cyber–physical coordination, multi-layer defense | Promotes standardization and modular security design | Complex for SMEs or small-scale deployments | Deployment complexity in fragmented environments | Simplify architecture models and promote open API frameworks |
| NIST SP 800-82 [39] | Security guidelines for ICS, supports AI integration and resilience planning | Covers ICS/SCADA within smart grid infrastructure | Asset identification, risk modeling, defense-in-depth, anomaly detection | Adaptable to AI/ML integration, flexible implementation | Requires interpretation, not always plug-and-play | Operationalizing guidelines in legacy ICS settings | Develop plug-and-play security templates for ICS environments |
| ISO/IEC 27001 [40] | ISMS framework bridging IT and OT security | Used for power generation, automation systems, and distributed field operations | Data classification, access control, information flow, incident handling | Globally recognized framework, cross-domain applicability | Generic and high-level, not tailored to energy sector | High implementation overhead and training requirements | Customise ISMS models for smart grid-specific scenarios |
| IEC 62351 [41] | Secure communication protocols for power systems, particularly SCADA | Secures communication in SCADA and substations | Authentication, encryption, key management, RBAC, secure logging | Established protocols for SCADA and energy communication | Limited TLS/IPsec support, slow to update | Legacy system support and backward compatibility | Update encryption schemes, enable secure retrofitting options |

2.5.1. NERC CIP

The North American Electric Reliability Corporation’s Critical Infrastructure Protection (NERC CIP) standards are very robust for centralized systems. However, they are less suitable for dynamic, distributed edge environments such as DERs or residential demand-response platforms [42]. Nonetheless, the standards enforce cybersecurity practices for Bulk Electric Systems (BESs) and include key directives such as CIP-003 [43] for cybersecurity policies, CIP-005 [44] for electronic security perimeters, CIP-007 [45] for system security management, and CIP-010 [46] for configuration and vulnerability management [47].

2.5.2. IEEE 2030

IEEE 2030 is a standard that focuses on the implementation of layered cybersecurity architecture and modular deployment to ensure alignment with IEEE 1547 [48], IEC 61850, and IEC 62351, thus promoting interoperability and cybersecurity in smart grid systems such as microgrids, distributed generation, and energy storage, as well as EV infrastructure. However, its adoption remains a challenge in small-scale systems due to deployment complexities [49].

2.5.3. NIST Special Publication 800-82

The NIST Special Publication 800-82 (NIST SP 800-82) offers security guidelines and standards for Industrial Control Systems (ICSs), including smart grid infrastructure [50]. These guidelines and standards are essential in integrating AI-enhanced security tools and aligning system monitoring with critical infrastructure resilience goals. Its framework supports asset identification and categorization, risk-based system modeling, defense-in-depth methodologies, and real-time anomaly detection [51].

2.5.4. ISO/IEC 27001

ISO/IEC 27001 [52] establishes a general framework for an Information Security Management System (ISMS). The standard helps bridge the security concerns of Information Technology (IT) and Operational Technology (OT), which is critical for controlling hybrid smart grid environments. It can also be applied in various parts of the energy sector, including power generation systems, control and automation technologies, and distributed field operations [53].

2.5.5. IEC 62351

The IEC 62351 series addresses security measures for power system communication protocols, specifically those built around the IEC 60870-5 [54], IEC 61850, and DNP3 standards. The series offers confidentiality, integrity, and authentication across SCADA communications yet lacks support for modern security protocols such as TLS or IPsec. Its specifications cover message authentication and encryption, secure key management, Role-Based Access Control (RBAC), and secure logging and auditing [55].
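The controls listed above (message authentication, RBAC, and secure logging) can be seen working together in the following added example, which is not from the article or from the IEC 62351 text. It is a simplified command gateway that verifies an HMAC-SHA256 tag and a sequence counter on each control command, checks the sender's role, and records every decision in a hash-chained audit log; the frame layout, role names, device names, and keys are assumptions constructed for illustration, not the standard's wire format.

```python
import hashlib
import hmac
import json

# Assumed role-to-permission map for illustration (not the IEC 62351-8 role set).
ROLE_PERMISSIONS = {
    "viewer": {"read_status"},
    "operator": {"read_status", "open_breaker", "close_breaker"},
}
SIGNED_FIELDS = ("sender", "seq", "action")
GENESIS = "0" * 64  # anchors the first audit entry


def compute_tag(key: bytes, frame: dict) -> str:
    """HMAC-SHA256 over a canonical JSON encoding of the signed fields."""
    body = json.dumps([frame[f] for f in SIGNED_FIELDS], separators=(",", ":"))
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


def sign_command(key: bytes, sender: str, seq: int, action: str) -> dict:
    """Sender side: build a command frame and attach its tag."""
    frame = {"sender": sender, "seq": seq, "action": action}
    frame["tag"] = compute_tag(key, frame)
    return frame


def entry_digest(prev: str, record: dict) -> str:
    data = prev + json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(data.encode()).hexdigest()


def verify_audit(log: list) -> bool:
    """Recompute the chain: an edited, reordered or dropped interior entry breaks it.
    Detecting truncation of the tail needs the latest digest stored elsewhere."""
    prev = GENESIS
    for entry in log:
        if entry["prev"] != prev or entry["digest"] != entry_digest(prev, entry["record"]):
            return False
        prev = entry["digest"]
    return True


def well_formed(frame: dict) -> bool:
    tag = frame.get("tag")
    return (isinstance(frame.get("sender"), str) and isinstance(frame.get("action"), str)
            and type(frame.get("seq")) is int and isinstance(tag, str) and tag.isascii())


class CommandGateway:
    def __init__(self, directory: dict):
        # directory: sender -> {"key": bytes, "role": str}. The role is taken from
        # the gateway's own records, never from the incoming frame.
        self.directory = directory
        self.last_seq = {}
        self.audit = []

    def handle(self, frame: dict) -> str:
        """Decide on a frame and append the decision to the audit chain."""
        decision = self.decide(frame)
        seq = frame.get("seq")
        record = {"sender": str(frame.get("sender")), "action": str(frame.get("action")),
                  "seq": seq if type(seq) is int else None, "decision": decision}
        prev = self.audit[-1]["digest"] if self.audit else GENESIS
        self.audit.append({"prev": prev, "record": record,
                           "digest": entry_digest(prev, record)})
        return decision

    def decide(self, frame: dict) -> str:
        if not well_formed(frame):
            return "reject:malformed"
        entry = self.directory.get(frame["sender"])
        if entry is None:
            return "reject:unknown_sender"
        if not hmac.compare_digest(compute_tag(entry["key"], frame), frame["tag"]):
            return "reject:bad_tag"      # forged or modified in transit
        if frame["seq"] <= self.last_seq.get(frame["sender"], -1):
            return "reject:replay"       # authentic but already seen
        self.last_seq[frame["sender"]] = frame["seq"]
        if frame["action"] not in ROLE_PERMISSIONS.get(entry["role"], set()):
            return "reject:forbidden"    # authentic and fresh, but not permitted
        return "accept"


def demo():
    """Run four constructed frames through the gateway."""
    ops_key, view_key = b"constructed-ops-key", b"constructed-view-key"
    gw = CommandGateway({
        "rtu-ops-1": {"key": ops_key, "role": "operator"},
        "hmi-view-7": {"key": view_key, "role": "viewer"},
    })
    good = sign_command(ops_key, "rtu-ops-1", 1, "open_breaker")
    # Signed as a harmless read, then altered in transit to a breaker command.
    altered = dict(sign_command(ops_key, "rtu-ops-1", 2, "read_status"), action="open_breaker")
    viewer_cmd = sign_command(view_key, "hmi-view-7", 1, "open_breaker")
    results = [gw.handle(f) for f in (good, altered, good, viewer_cmd)]
    return gw, results


if __name__ == "__main__":
    gateway, outcomes = demo()
    print(outcomes, "audit intact:", verify_audit(gateway.audit))
```

The rejected frames are logged alongside the accepted one, so the audit chain doubles as a record of injection and replay attempts.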

2.6. Beyond IoT Technologies

Aside from IoT, numerous major technologies enhance smart grid security by increasing flexibility, enabling real-time processing, and providing adaptive defense mechanisms. Their functions, characteristics, and contributions to the security of smart grid environments are presented below (see Table 7).

2.6.1. Edge Computing

Edge computing enhances smart grid security by enabling local, real-time data analysis and response at substations and energy devices, thereby minimizing reliance on centralized systems that are susceptible to latency or attack [56]. The decentralization of detection and response capabilities enhances system resilience [33]. Edge computing enables IoT sensors and meters to optimize fault isolation, energy routing, and intrusion detection close to the source by allowing these devices to not only gather data but also respond instantly [57].

2.6.2. Fog Computing

Fog computing serves as a link between cloud systems and edge devices, creating a safe intermediate layer through which data can be gathered, filtered, and analyzed geographically [58]. In terms of smart grid security, it enables synchronized anomaly detection and threat response across distributed zones. Fog computing enhances IoT performance by mitigating central system overload, enabling load prediction, behavior modeling, and threat pattern detection on a larger scale when connected to IoT nodes [59].

2.6.3. Software-Defined Networking

Software-Defined Networking (SDN) improves the security of smart grids by providing centralized, programmable control over network flows [60]. This enables dynamic rerouting in the event of network congestion or security breaches. To keep vital energy processes running, it isolates compromised segments and optimizes traffic. When used with IoT networks, SDN provides fine-grained control over device communication pathways, thus lowering attack surfaces and enhancing grid scalability and efficiency in general [61].

2.6.4. Network Function Virtualization

Network Function Virtualization (NFV) offers an adaptable and economical way to implement essential network security features, such as firewalls or intrusion detection systems, on demand across smart grid infrastructures without requiring additional physical installations [62]. When used in conjunction with IoT, NFV enables security services to track distributed or mobile IoT nodes, providing scalable services such as remote diagnostics or secure energy trading, as well as adaptive protection [63].

2.6.5. Digital Twins

Digital twins enhance smart grid security by providing a continuously updated virtual replica of physical infrastructure, enabling predictive analysis, vulnerability simulation, and proactive maintenance [64]. This technology enables utilities to simulate security breaches and fine-tune their actions without putting actual assets at risk. Digital twins provide a synchronized view of grid conditions when provided with real-time data from IoT devices. This enhances operational planning and anomaly detection accuracy and facilitates quick decision-making [65].

3. Limitations and Challenges

Despite smart grid systems offering numerous potential benefits, including increased efficiency, reliability, and sustainability in electricity transmission and distribution, they remain vulnerable to several security-related and non-security-related limitations and challenges, as illustrated in Figure 3. In what follows, we discuss these limitations and challenges.

3.1. Smart Grid Limitations

In addition to the limitations discussed in [66,67], Table 8 describes other security-related and non-security-related limitations.

3.1.1. Security-Related Limitations

Smart grid security constraints highlight situations where systems are susceptible to ransomware, malware, and DoS attacks, which can compromise sensitive data and disrupt operations. The intricacy and interconnection of grid components create multiple entry points for potential attackers, and weak authentication procedures and inadequate encryption in communication protocols can result in illegal access and data breaches [17]. In particular, note the following:
  • Cyberattacks can compromise operational integrity by disrupting critical infrastructure, manipulating data flows, and potentially causing widespread service outages, highlighting the vulnerability of interconnected digital systems to malicious exploitation [68].
  • Weak authentication allows unauthorized access to critical control systems and sensitive data, posing significant risks of malicious manipulation, unauthorized control over grid operations, and potential disruption of essential services. As a result, robust authentication protocols are critical in securing infrastructure [69].
  • Weak cryptography exposes sensitive data and communications to unauthorized interception, manipulation, and exploitation by malicious actors, compromising the confidentiality, integrity, and availability of critical information and operational processes within the grid infrastructure. This requires strong encryption standards to mitigate these risks effectively [70].
  • Data disruptions compromise real-time monitoring, decision-making, and system reliability. Breaches in data integrity can lead to incorrect operational decisions and system failures, while compromised privacy can expose consumer information, undermining trust and regulatory compliance. As a result, robust data protection measures and secure data handling practices are essential in smart grid operations [71].
  • Insider threats include the misuse of credentials to manipulate data, disrupt operations, or steal sensitive information, posing significant risks to grid security and reliability. Effective monitoring, access controls, and employee training are essential to mitigate these insider threats and maintain the smart grid’s data integrity [72].
  • Physical breaches lead to disruptions in power supply, equipment damage, and potential safety hazards for personnel and the public, emphasizing the importance of robust perimeter security, surveillance systems, access controls, and resilience planning in safeguarding critical infrastructure against physical threats [8].

3.1.2. Non-Security-Related Limitations

The high initial deployment costs and the difficulty of integrating new technologies into the current infrastructure, which might cause compatibility concerns, are two non-security-related constraints of smart grids [73]. Furthermore, complex data management and analytics skills are required to handle the massive volume of data generated by smart grids, which presents significant processing and storage challenges. Other limitations include the following [67]:
  • Financial issues may prove to be a constant limitation, especially since the cost of implementing a smart grid system and maintaining its infrastructure can be high. Without proper funding and sponsorship, some facilities, utilities, plans, and projects may be delayed or canceled due to a lack of investment.
  • Maintenance issues are another limitation since smart grid systems require regular maintenance and scheduled inspections to maintain their operational effectiveness. This proves to be a problem, especially when modernizing them, because aging equipment causes constant equipment failure.
  • A communication bottleneck may occur as smart grid systems heavily rely on communication networks to constantly transmit data and control electricity flow in real time. This already creates a burden that may affect network performance and cause a communication bottleneck. Also, any disruptions will surely cause a significant problem and result in the disruption and interruption of smart grid services.
  • Integration issues due to the complex structure and heterogeneous nature of smart grid systems and IoT devices, which require different deployment and integration approaches, prove to be a significant limitation.
  • Affected manpower is another potential problem: with the rise of machinery and the reduction in human labor, stakeholders may be reluctant to adopt smart grid technologies due to concerns about job losses and salaries.
  • Energy storage may prove to be a problem due to the cost and technical limitations that surround the energy storage capacities to manage intermittent renewable energy sources, especially in terms of safety, security, and performance. For example, Photovoltaic (PV) systems and EVs, while providing significant benefits in terms of sustainability and distributed energy production, are strongly reliant on efficient energy storage systems and seamless integration with grid infrastructure. The bi-directional energy flow resulting from PV energy injection and EV charging/discharging cycles can overburden local distribution networks. This results in voltage instability and produces asynchronous energy supply–demand dynamics if appropriate integration solutions are not employed. Furthermore, if legacy infrastructure is ill equipped to provide the necessary security services, these technologies create new attack surfaces and communication vulnerabilities when combined with IoT for real-time monitoring and control. Therefore, PV and EV technologies present important operational and cybersecurity concerns that need to be taken into consideration during system planning, design, and deployment, even though they are not in and of themselves restrictions.
  • Cultural barriers may push some communities away from adopting smart grid technologies due to safety, security, and privacy concerns, especially without reassurance and education.
Having presented these limitations, we turn to the challenges next.

3.2. Smart Grid Challenges

Smart grid challenges are based on security and safety obstacles and complexities surrounding the deployment and development of the smart grid infrastructure, as well as the development and deployment of its systems. These challenges are often the result of integrating advanced technologies, maintaining infrastructure, and implementing upgrades. Table 9 presents a set of existing challenges that can be divided into three categories: security-based challenges, safety-based challenges, and additional challenges, with their respective challenges listed under each category. The first two categories are described below.
  • Security-based challenges: These cover risks and vulnerabilities associated with securing the smart grid infrastructure by using cyber–physical security means to protect and preserve data privacy [74] and prevent unauthorized access [75]. Other security measures include ongoing network, system, and device behavior monitoring, risk assessment using cryptography and non-cryptography solutions, and robust security controls [69,76].
  • Safety-based challenges: These depend on demanding tasks to guarantee the secure management, upkeep, and operation of the smart grid system, which prove to be very challenging, especially with the deployment of advanced grid technologies and systems [77]. Other safety challenges include the following:
      • DER integration introduces bidirectional power flows, which can challenge conventional protection systems that were designed for unidirectional current [78]. This may lead to unintended power circulation, difficulties in fault detection, and potential islanding during outages. To mitigate this, adaptive protection mechanisms, directional relays, and standards like IEEE 1547 [79] are essential to ensure safe DER–grid interaction.
      • Increased system complexity raises the likelihood of configuration mistakes, operator overload, and cascading failures during anomalous events [80]. This requires sophisticated automation technologies, streamlined system designs, and intensive training for operational staff.
      • Failures in communication networks are a hazard because smart grid activities depend on uninterrupted, real-time communication between control centers, substations, and field devices [81]. Whether intentional or unintentional, a breakdown in these communication channels could compromise grid stability, lead to inaccurate actuation, or delay decisions. Mitigation strategies include network redundancy, real-time monitoring, and fallback methods that allow autonomous local control during interruptions.
      • Security breaches often occur when attackers modify control orders, sensor data, or protection logic in smart grids, leading to cybersecurity vulnerabilities that directly translate into safety hazards [17]. Such violations could result in equipment damage or power outages by disabling fail-safes or establishing hazardous operating conditions. Protecting safety functions requires enhancing security through the use of intrusion detection systems, encryption, authentication, and security-by-design procedures.
      • Interoperability issues with protection systems occur when devices from various suppliers are integrated into smart grid environments even though they may not have the same operational logic or communication protocols [82]. Due to a lack of interoperability, protection responses may be delayed or fail to activate during hazardous situations. To guarantee dependable, coordinated protection across systems, standardized communication protocols such as IEC 61850 must be adopted, and extensive integration testing must be performed.
Addressing these challenges requires close collaboration and coordination among smart grid stakeholders to guarantee the safety, security, and reliability of the electrical system [83]. This also includes implementing appropriate risk management and mitigation strategies using proactive approaches, including safety protocols, regular maintenance, scheduled physical infrastructure updates, upgrades, and effective emergency response planning [84]. Key safety challenges also arise from the human factor, which can be their primary cause.
As a result of these limitations and challenges, many threats arise, which are described in the next section.
Table 9. A set of existing challenges in smart grids.
| Category | Challenges | Description |
|---|---|---|
| Security-based | Advanced Persistent Threats (APT) | Remain the most dangerous challenge, especially with zero-day exploits and attacks. This makes it extremely difficult to detect and mitigate this threat, which can cause a significant interruption of the smart grid’s services. |
| Security-based | Insider Threat | Recruiting operators without proper background screening seems challenging since they can freely operate without monitoring or accountability while conducting malicious information gathering, sabotage, or espionage. However, what seems to be more challenging is finding the right security measures to mitigate this risk. |
| Security-based | Physical Security Challenges | This requires protecting smart grid devices, systems, transmission lines, and transformers, which is a challenging task, not only in terms of cost but also in terms of deploying proper security measures and intrusion detection alarms. |
| Security-based | Budget Issues | The cost to implement, deploy, and maintain a smart grid security program can be costly, which can cause financial problems for stakeholders with limited smart grid capabilities, which makes them abandon the plan and accept the occurrence of the risk as it will be cheaper. |
| Security-based | Lack of Uniform Security Standards | This is frequently caused by the complexity of the various types of heterogeneous devices and systems in the smart grid, making it difficult to apply the same security practices and deploy uniform security measures. |
| Security-based | Legal Challenges | This is mostly affiliated with cross-border challenges since securing the smart grid’s infrastructure requires coordination and jurisdictions among all the involved countries, which often creates challenging legal and regulatory requirements, especially regarding collaborative security and information sharing. |
| Security-based | Resilience and Recovery Challenges | In case of a cyber–physical attack or natural disaster, the smart grid must have the ability to withstand disruption or interruption of services, with the ability to recover. This proves challenging due to the complex number of security and safety threats and the likelihood of their occurrence. |
| Safety-based | Public Health Challenges | The installation of certain renewable energy technologies close to residential areas negatively impacts human health and animals [85]. The challenge is based on the level of risk exposure to their emission and radiation and the safe distance needed to evade them. Finding a solution to reduce their emission and radiation remains a key challenge. |
| Safety-based | Electromagnetic Radiation | If not well studied and regulated, it proves to be a challenge since smart-grid systems rely on wireless communications, which emit electromagnetic radiation that can potentially cause a health risk to humans and animals alike, especially if the exposure area is high and in the presence of individuals with certain medical conditions. |
| Safety-based | Electrical Hazards | This remains challenging since they can target workers/operators and the public. They are linked to fire, electric shock, electrocution, and arc flash, which can release hazardous materials and radiation. |
| Additional | Privacy Challenges | More particularly, data privacy, which is frequently compromised in smart grid applications, especially when transferred in real time. This often proves to be a safety and security challenge since the disclosure of information can expose operators and public personnel. |
| Additional | Cyber–Physical Challenges | The cyber part is frequently linked to a cyberattack that interferes with the smart grid’s performance. As for the physical part, it is more prone to physical damage such as vandalism, theft, or terrorism. Securing them proves to be challenging since it requires a combined cyber–physical security effort to evade such malicious events. |
| Additional | System Interoperability Challenges | The presence of complex networks of interconnected systems and device types to ensure effective and safe communications proves to be challenging as it is a critical task to maintain the smart grid’s safety and reliability. If not well established, this may reduce its efficiency and effectiveness. |
| Additional | System Integration Challenges | This proves to be a challenge in terms of the safety and security of combining renewable energy sources, such as wind and solar energy, since it is difficult to maintain the smart grid’s stability and reliability, which comes at the cost of public health and safety. |
| Additional | Infrastructure Maintenance Challenges | A certain budget is needed for the smart grid’s infrastructure updates and upkeep. This is due to the aging infrastructure, maintenance, and upgrades becoming more challenging in terms of budget and cost, as well as maintaining the operational, stable, and reliable safety of the infrastructure. |
| Additional | Incident Response Challenges | Incident response requires high emergency preparedness to effectively respond to malicious events (i.e., cyber–physical attacks) or natural disasters. This proves challenging since it requires a readiness for a set of planned scenarios that stakeholders are trained to implement to maintain public safety and reduce the likelihood of loss of human lives and injury. |
| Additional | Data Privacy Challenges | Collecting sensitive customer data, such as energy usage and power consumption, is easy. However, the challenge lurks in protecting the collected data and preserving its privacy, which is difficult due to advanced data breaches and sophisticated cyber attacks. |
| Additional | Environmental Challenges | Surely, the adoption of renewable energy technologies proves to help reduce gas emissions. However, their construction along their transmission lines and substations comes at the cost of a negative impact on wildlife habitats and ecosystems, and this is where the challenge is. |

4. Threats and Vulnerabilities

Threats represent potential dangers that could exploit vulnerabilities in a system or network, whether natural or human-made. Vulnerabilities, on the other hand, are weaknesses within a system that can be exploited by threats to carry out attacks. Attacks are actions or exploits by threat actors to compromise a system, often exploiting vulnerabilities to achieve specific goals. Security measures are implemented to mitigate vulnerabilities and prevent or minimize the impact of attacks. Risk, meanwhile, assesses the likelihood of a threat exploiting a vulnerability and the potential impact of such an event. These concepts are deeply interconnected, and effective cybersecurity strategies involve identifying and prioritizing vulnerabilities, assessing potential threats, implementing appropriate security measures, and monitoring for potential attacks to mitigate risk.
Smart grids are susceptible to various threats and vulnerabilities, including human errors, natural disasters, and cyber–physical incidents, which can compromise security, integrity, safety, performance, and functionality. This, in turn, would leave them exposed to data breaches, unauthorized access, service disruptions, or manipulation of grid operations [86,87]. Additionally, smart grids have several weaknesses stemming from a design flaw, which malicious actors can exploit to cause physical damage, data breaches, service disruptions, or manipulation of grid operations [88]. This led to the introduction of the Internet of Vulnerable Things (IoVT) concept in the smart grid [89]. Indeed, the challenge remains in overcoming the obstacles faced during the development, implementation, or operation of a smart grid system due to its complex nature before ensuring an efficient and reliable electricity delivery, as well as the availability, reliability, and safety of the smart grid infrastructure [90]. These threats are divided between security and safety types and are presented next.

4.1. Smart Grid Threats

Security threats refer to potential malicious actions or scenarios that can exploit vulnerabilities in the smart grid. These threats often originate from cybercriminals, cyberterrorists, hacktivists, insider actors, or state-sponsored attackers and include issues such as malware deployment, unauthorized access, and communication disruption. On the other hand, safety threats are derived from physical risks such as equipment failure, natural disasters, or human error, which may lead to public safety hazards or damage to infrastructure. These threats are summarized in Table 10. Threats in smart grids refer to potential risks and vulnerabilities that can affect the system’s safety, security, and reliability (see Table 11). They are divided principally between security-based and safety-based threats as described below.

4.1.1. Security-Based Threats

The security threats to smart grid infrastructure are diverse and evolving. It is crucial for smart grid operators to regularly assess their security posture and implement appropriate measures to mitigate these risks [27]. To address these security threats, smart grid operators must implement a comprehensive security plan, including encryption, access control, intrusion detection, and monitoring. Regular security audits and employee training are critical to maintaining a secure smart grid. Cyberattacks, such as ransomware, malware, and denial-of-service (DoS) attacks, pose a significant security risk to smart grids as they can disrupt operations, cause blackouts, and compromise data privacy and security. The security of sensitive data and the dependability of the grid are further threatened by physical attacks on equipment as well as flaws in communication protocols.

4.1.2. Safety-Based Threats

This type of threat can cause a severe problem, especially regarding user and equipment safety. Several solutions, such as regularly maintaining and upgrading physical infrastructure and developing effective emergency response plans, can be useful to ensure the smart grid’s safety and reliability [75]. Equipment failures and malfunctions pose a significant safety risk to smart grids as they can lead to electrical hazards, fires, or explosions that could harm individuals and property assets. Natural catastrophes like hurricanes, earthquakes, and floods can also harm infrastructure, posing a risk to public safety and causing long-lasting power outages and blackouts. These threats will surely make the smart grid integration into IoT prone to various vulnerabilities. These vulnerabilities will be presented next.

4.2. Smart Grid Vulnerabilities

Similarly, vulnerabilities within smart grids can be related primarily to security or safety in addition to other possible sources, such as equipment or communication failures, and natural disasters, with many others being named and described in [2]. Furthermore, smart grid security and safety vulnerabilities are diverse, on a constant rise, and include flaws, weaknesses, and potential risks that, in the event of their occurrence [91], can expose the reliability, performance, and security of the smart grid infrastructure (see Table 12). Such occurrences often cause unauthorized access, data breaches, service interruptions, or compromised grid operations [92]. As a result, aside from cryptography and non-cryptography-based solutions, regular testing, employee training, and adherence to industry best practices can also be an ideal mitigation solution [86]. In the following, these different vulnerabilities are described in detail.

4.2.1. Security Vulnerabilities

Security-related vulnerabilities include unauthorized access, manipulation of data, disruption/denial of services, and other malicious activities such as physical tampering and abuse of privilege, which can expose both security and safety operations of smart grid systems and services [93]. These vulnerabilities can target the smart grid’s layers, including hardware devices, software, firmware, and operating systems, communication networks, data storage, and management processes. They can result in manipulating energy generation or consumption data, disrupting grid operations due to false data injection attacks, denial-of-service, or even physical damage to the infrastructure [27]. Industry best practices for security, such as those outlined by the National Institute of Standards and Technology (NIST) and the North American Electric Reliability Corporation (NERC), can also prove useful. In fact, SCADA systems and communication protocols of smart grids are susceptible to zero-day exploits [94] and Advanced Persistent Threats (APTs) [95], which can compromise smart grid security, leading to unauthorized access, data manipulation, and service interruption. IoT device integration further broadens the attack surface by opening the grid to potential exploitation via unpatched firmware, weak authentication methods, and unsecured data transfer channels.
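The message-level defenses referred to above and in Section 2.5.5 (message authentication against in-transit data manipulation, plus rejection of replayed or stale readings) are illustrated below. This is an added example, not code from the paper or from IEC 62351; the frame layout, device ID, key, and 30-second freshness window are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

# Constructed demo key (assumption). Real deployments provision per-device
# keys through key management and never hard-code them.
DEMO_KEY = b"constructed-demo-key-not-for-production"

TAG_LEN = 32                      # HMAC-SHA256 output size in bytes
MAX_SKEW_SECONDS = 30             # assumed freshness window
# Hypothetical frame body: device id, message counter, unix time, reading (Wh)
BODY = struct.Struct(">IQQq")     # 4 + 8 + 8 + 8 = 28 bytes, big-endian


def seal(key, device_id, counter, timestamp, reading_wh):
    """Meter side: serialize a reading and append an HMAC-SHA256 tag."""
    body = BODY.pack(device_id, counter, timestamp, reading_wh)
    return body + hmac.new(key, body, hashlib.sha256).digest()


class TelemetryVerifier:
    """Head-end side: accept a frame only if it is authentic, fresh and new."""

    def __init__(self, keys, max_skew=MAX_SKEW_SECONDS):
        self._keys = dict(keys)       # device id -> shared key
        self._last_counter = {}       # device id -> highest accepted counter
        self._max_skew = max_skew

    def verify(self, frame, now):
        """Return (verdict, reading); reading is None unless accepted."""
        if len(frame) != BODY.size + TAG_LEN:
            return ("malformed", None)
        body, tag = frame[:BODY.size], frame[BODY.size:]
        device_id, counter, timestamp, reading_wh = BODY.unpack(body)
        key = self._keys.get(device_id)
        if key is None:
            return ("unknown-device", None)
        # Authenticate first, in constant time, so that unauthenticated
        # fields never influence the replay state kept below.
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return ("bad-tag", None)
        if abs(now - timestamp) > self._max_skew:
            return ("stale", None)
        if counter <= self._last_counter.get(device_id, -1):
            return ("replayed", None)
        self._last_counter[device_id] = counter
        return ("accepted", reading_wh)


def demo():
    """Run constructed frames through the verifier and return the verdicts."""
    now = 1_700_000_000
    verifier = TelemetryVerifier({1001: DEMO_KEY})
    good = seal(DEMO_KEY, 1001, 1, now, 5230)
    tampered = bytearray(seal(DEMO_KEY, 1001, 2, now, 5230))
    tampered[BODY.size - 1] ^= 0x01          # alter the reading in transit
    stale = seal(DEMO_KEY, 1001, 3, now - 3600, 5230)
    return [
        verifier.verify(good, now),              # authentic and fresh
        verifier.verify(good, now + 5),          # same frame sent again
        verifier.verify(bytes(tampered), now),   # modified reading
        verifier.verify(stale, now),             # old capture, valid tag
        verifier.verify(good[:-1], now),         # truncated frame
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

A scheme like this covers manipulation and replay on the wire only; readings falsified inside a compromised meter carry a valid tag and have to be caught by other controls.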

4.2.2. Safety Vulnerabilities

This type of vulnerability includes hazards, accidents, weaknesses, or potential risks surrounding the smart grid infrastructure that can compromise the safety of individuals, equipment, and/or the environment and cause physical harm, property damage, or adverse effects on public safety [96]. They can be the result of design flaws, equipment malfunctions, or human errors and can lead to electrical shocks, fires, explosions, equipment failure [97], environmental contamination (e.g., radiation, as in the Chernobyl 1986 and Fukushima 2011 nuclear disasters) [98,99], or cyberattacks, as in the cases of the Stuxnet and BlackEnergy malware [100,101]. To address this issue, safety measures can be added, such as continuous system monitoring, safety performance evaluation, regular equipment inspections and maintenance, proper personnel training, emergency response protocols, and resilient risk assessment protocols to achieve electric grid safety and reliability. In fact, the AMI and power management systems of smart grids are susceptible to potential failures that could result in overloading, equipment burnout, and electrical fires [102]. In addition, using complex software algorithms to ensure grid stability raises the possibility of error or malfunction, which could result in dangers such as voltage instability, blackouts, and physical harm to the public and maintenance staff [103].

4.2.3. Equipment Failure

This failure type includes the breakdown or degradation of operations and services, often caused by the malfunction of different parts of the smart grid, including generation plants, transformers, transmission lines, distribution networks, substations, smart meters, and control systems, causing power outages, voltage fluctuations, grid instability, the interruption of operations, and the disruption of services. This often occurs due to aging infrastructure, inadequate maintenance, manufacturing defects, environmental conditions, or electrical faults. This can be mitigated using proactive measures such as redundancy and backup systems, condition-monitoring techniques, regular and scheduled inspections, maintenance, and equipment testing. Electrical fires, overheating, and cascading outages can occur from equipment failures in transformers, circuit breakers, and power inverters in smart grids [104]. Furthermore, the deterioration of aging infrastructure components raises the possibility of mechanical failures that result in expensive repairs and extended service disruptions [105].

4.2.4. Communication Failures

These failures cover both disruption or interruption of the smart grid’s communication channels and protocols for data transmission and receiving, resulting in network congestion, signal interference, delayed or inaccurate response, and the system’s failure to transmit and receive real-time data effectively [5]. This can be mitigated using strong encryption and authentication (multi-factor) protocols, redundant communication paths, fault-tolerant systems, and backup or alternative communication channels [106]. Ineffective power distribution, loss of real-time telemetry and control, and possible blackouts can result from communication failures in smart grids’ SCADA systems and IEC 61850 protocols [107]. Furthermore, grid stability is jeopardized by interruptions in data transmission between grid components via cellular, Wi-Fi, or Zigbee networks. This results in deficient load balancing, delays in fault isolation and detection, and a higher risk of cascading failures [108].
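The loss-of-telemetry case above, together with the fallback to autonomous local control mentioned in Section 3.2, can be made concrete with a small link supervisor for a field device. This is an added example, not code from the paper; the mode names, the 4-second timeout, and the three-heartbeat recovery rule are assumptions, and the event trace is constructed.

```python
from dataclasses import dataclass, field

REMOTE = "remote-control"       # set-points come from the control center
LOCAL = "local-autonomous"      # device holds safe local set-points itself


@dataclass
class LinkSupervisor:
    """Decides whether a field device may trust the control-center link."""

    last_seen: float                 # time of the last heartbeat (seconds)
    timeout_s: float = 4.0           # assumed longest tolerated silence
    recover_after: int = 3           # timely heartbeats needed to hand back
    mode: str = REMOTE
    good_streak: int = 0
    transitions: list = field(default_factory=list)

    def _switch(self, mode, now):
        self.mode = mode
        self.transitions.append((now, mode))

    def tick(self, now):
        """Periodic check run by the device's local controller."""
        if self.mode == REMOTE and now - self.last_seen > self.timeout_s:
            self.good_streak = 0
            self._switch(LOCAL, now)
        return self.mode

    def on_heartbeat(self, now):
        """Called for every heartbeat received from the control center."""
        self.tick(now)               # a late heartbeat is an outage first
        gap = now - self.last_seen
        self.last_seen = now
        if self.mode == LOCAL:
            # Hysteresis: only an unbroken run of timely heartbeats restores
            # remote control, so a flapping link cannot toggle the device.
            timely = gap <= self.timeout_s
            self.good_streak = self.good_streak + 1 if timely else 1
            if self.good_streak >= self.recover_after:
                self._switch(REMOTE, now)
        return self.mode


def replay(events, **settings):
    """Feed ("hb" | "tick", time) events to a supervisor; return transitions."""
    supervisor = LinkSupervisor(last_seen=0.0, **settings)
    for kind, t in events:
        if kind == "hb":
            supervisor.on_heartbeat(t)
        else:
            supervisor.tick(t)
    return supervisor.transitions


# Constructed trace: healthy link, an outage, a brief flap, then recovery.
CONSTRUCTED_TRACE = [
    ("hb", 1), ("hb", 2), ("hb", 3),
    ("tick", 5), ("tick", 8),          # silence exceeds 4 s at t = 8
    ("hb", 20), ("hb", 21),            # link returns ...
    ("hb", 30),                        # ... but drops again for 9 s
    ("hb", 31), ("hb", 32),            # third timely heartbeat in a row
    ("tick", 33),
]

if __name__ == "__main__":
    for when, mode in replay(CONSTRUCTED_TRACE):
        print(f"t={when}s -> {mode}")
```

The recorded transitions double as an audit trail: repeated fallbacks for one device or substation are themselves a signal worth alerting on, whether the cause is a fault or interference.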

4.2.5. Natural Disasters

These disasters can be the result of severe weather conditions such as extreme temperatures, heatwaves, ice storms, sand/desert storms, and high winds or catastrophic events caused by natural forces such as geological changes from seismic activities, such as earthquakes (Chile 2010 [109] and Turkey–Syria 2023 earthquakes [110]), hurricanes (Katrina 2005 [111] and Maria 2017 [112]), tornadoes (Kissimmee 1998 [113], 2008 Super Tuesday tornado [114], and the tornado outbreak of April 2014 [115]), tsunamis (Samoa tsunami 2009 [116], Indian Ocean 2004 [117], and 2011 Tohoku Tsunami [118]), floods (East Africa 2018 [119], North Korea [120], India [121], South East Asia 2011 [122], and China [123]) and wildfires (Victorian Black Saturday bushfires 2009 [124] and Attica Wildfires 2018 [125]). Such events severely affect the smart grid’s functional and operational activities, significantly impacting the grid infrastructure’s resilience, such as physical damage to power lines and substations, underground cables and equipment, transmission and distribution of electricity, and public safety. This can be mitigated using enhanced monitoring and early-warning systems, advanced equipment design and construction, proactive maintenance and vegetation management, integration of microgrids and renewable energy sources, and efficient coordination and communication between grid operators and first emergency/incident responders. However, with the presence of various smart-grid-related vulnerability types, numerous attacks are likely to occur, with some being more frequent and more damaging to the integration of smart grids in IoT. These attacks are presented in the following section.

4.2.6. Legacy Devices

Smart grid infrastructures continue to utilize legacy devices, which often lack the firmware architecture or processing power to handle contemporary security protocols [126]. The system is vulnerable due to this backwards compatibility, particularly when these devices are unpatched or unencrypted, requiring isolation, gateway-level security, or low-power cryptography [127].

4.2.7. Human Element

One of the most frequently used attack vectors in smart grid setups remains the human element. Even the most secure architectures can be compromised by social engineering, incorrect setups, and inadequate credential hygiene [128]. Role-based audits, stringent access control, and ongoing security training are, therefore, crucial countermeasures [129].

5. Smart Grid Attacks

Malicious individuals or groups often conduct smart grid attacks with criminal or terrorist intent to disrupt, interrupt, manipulate, and compromise the smart grid’s operational systems and critical infrastructure [130]. These attacks differ depending on their type, impact, and the components they target in the smart grids, including control systems, smart meters, connected devices, communication networks, channels, and many others [131]. The goal also differs from one attack to another: the motivation is to disrupt the service, gain unauthorized access, manipulate or inject data, conduct espionage, or sabotage, and it is mainly driven by personal gain. Attacks can be carried out using various means, such as cyberattacks, physical intrusions, social/reverse engineering, and phishing techniques. Still, they can also be mitigated by implementing resilient security protocols, such as intrusion detection and prevention systems, access restrictions, honeypots, anti-malware solutions, encryption, multi-factor authentication mechanisms, and regular security assessments and updates [32].
This section categorizes the specific attack methods used to achieve these threats by directly exploiting vulnerabilities in smart grid systems. These attacks can be classified based on their nature, coordination, and complexity as seen in Table 13. Each attack type is directly linked back to one or more of the threats outlined in Section 4, providing a structured perspective on how smart grid systems can be compromised in practice.

5.1. Types of Attack

Smart grid attacks can be divided into different types, as shown in Figure 4, and can manifest themselves in various forms, targeting different parts and components of the smart grid infrastructure. Table 14 presents a taxonomy of these main smart grid attack types divided into four categories: visibility, activity, coordination, and sophistication/characteristics.
Another possible taxonomy is based on the nature of the attack, coordination, and complexity and persistence. In this case, covert/overt/passive/active/zero-day attacks fall under the nature-of-attack category. Simultaneous and separate attacks fall under the coordination category, while APT attacks are categorized by complexity and persistence.

5.2. Attack Source

The attack source refers to the origin of the entity responsible for coordinating attacks on the infrastructure of the smart grid. This covers the origin of hostile activity directed against the smart grid system, such as unauthorized access, data manipulation, and disruption of services [132]. The attack source can be an individual, a group, an organization, a nation state, or a malicious actor, as shown in Figure 5. Therefore, it is essential to identify, mitigate, and prevent cyber–physical attacks on smart grids. Common attack sources are as follows:
Terrorists and Insurgents: Terrorist groups aim to target smart grid critical infrastructure through methods like suicide bombings (HBIED, VBIED, and motorbike VBIED) [133,134,135] and hit-and-run attacks [136] to destroy or damage civilian and military infrastructures [132].
Malicious Agents: Terrorist organizations use cyber asymmetric warfare, cyberattacks, terrorism [137], and industrial espionage to interfere with smart grids, topple governments, and weaken authority [138]. This causes power outages and other economic disruptions that have a big impact on the region [139]. By attacking or undermining infrastructure, they want to take control of smart grids and use the resulting publicity to draw in new members and media attention [140]. Disrupting smart grids can provide a military tactical advantage by allowing operations to occur in silence, causing confusion, and rerouting security troops to restore order.
Criminal Groups: Cybercriminals use compromised infrastructure to conduct fraud-related operations and launch DDoS or ransomware attacks in an attempt to profit from vulnerabilities in smart grid systems [141]. To cause extensive outages and cascade failures, their attacks target substations by jamming electrical power transmissions [142], manipulating energy usage, tampering with smart meters, and stealing confidential data (e.g., customer information, energy consumption trends, and system configurations). These activities frequently assist illegal activities, including drug trafficking, money laundering, and selling private information to malicious parties [143].
Spies: Foreign intelligence agency spies frequently use sabotage or espionage attacks to disrupt services by targeting smart grid systems. For espionage and counterintelligence reasons, this could involve larger cyber operations to create backdoor access, install malware, and make use of zero-day vulnerabilities (e.g., Titan Rain (2003), Operation Olympic Games (2006), Shadow Network, and GhostNet (2009) [144,145]). Attacks may also be used to achieve geopolitical and strategic goals, such as obtaining an advantage over competitors in the energy security and safety domains.
Hacktivists: As a sort of online political protest, hacktivists try to interfere with smart grid services to voice their disapproval or bring attention to particular issues [146]. They employ strategies that include Distributed Denial-of-Service (DDoS) attacks on control systems, energy distribution manipulation, unauthorized access, and the disclosure of private data. They utilize smart grids as a platform to disseminate their ideology or message, garner media attention, and elicit reactions from the general public.
Military Operations: Military operations can be divided into three main types, including combat operations (mostly overt), cyber operations (mostly covert), and psychological operations (mostly clandestine).
  • Combat Operations: CombatOps (CoOps) involve military showcasing of offensive cyber capabilities to conduct both defensive and offensive operations against smart grids, aiming to disrupt enemy infrastructure and hinder recovery processes. This illustrates targeted attacks on smart grids by compromising control systems and exploiting communication vulnerabilities to achieve strategic objectives, such as impacting morale, disrupting economies, gaining tactical control of infrastructure, masking military operations, and mobilizing forces. Strategic targets include vital points such as ports, oil refineries, power stations, telecommunications, and bridges, which are attacked to hinder force mobilization, as exemplified in conflicts such as Iraq [147,148], Lebanon [149,150], Gaza [151], and West Bank [152].
  • Cyber Operations: CyberOps (CyOps) utilize hacking to attack the smart grid’s cyber–physical infrastructure [153] as a new cyber-warfare concept [154,155], which is similar to cyberattacks on Estonia in 2007, Georgia in 2008 [156], and Ukrainian electricity companies in 2015–2016 using BlackEnergy malware [157,158,159]. Specific incidents include the deployment of the Havex RAT by the Russian APT group “Energetic Bear or Dragonfly” for global cyber espionage targeting energy, defence, and pharmaceutical sectors in the US and Europe [160]. Notable attacks such as Stuxnet (2010), under “Operation Olympic Games”, targeted Iranian nuclear facilities by manipulating Siemens PLCs. NotPetya (2017) [161], followed by the BlackEnergy [162,163], caused widespread damage globally.
  • Psychological Operations: PsyOps use cyber deception [164,165] in conjunction with psychological warfare [166], sabotage, and espionage operations to compromise a nation’s security and resilience [167,168]. One prominent instance is the succession of unexplained fires and explosions that occurred in Iran between 2020 and 2021 and targeted vital infrastructure [169], including events at Parchin military installations as well as other power stations and industrial locations all around the nation. Reminiscent of recent Ukrainian counteroffensive operations, especially on the Donetsk front, propaganda videos such as “Plans Love Silence” emphasized Operational Security (OpSec) [170]. These events demonstrate the merging of CoOps and CyOps into PsyOps [171,172].

5.3. Security Attacks

Attacks on smart grid security encompass a range of malicious actions that take advantage of security gaps and target the weak points in the security of smart grid systems. These attacks, outlined below, frequently compromise the confidentiality, integrity, availability, authentication, safety, and privacy of the smart grid infrastructure, as presented in Table 15.
Table 16 summarizes the smart grid security attacks and their countermeasures. Due to the presence of various attack types targeting different smart grid components, numerous risks arise. These risks are presented in the next section.
It is clear that the implementation of efficient safeguards is essential to the resilience of smart grid infrastructure, given the wide range of security and safety hazards outlined above, including insider threats, equipment malfunctions, cyberattacks, and communication vulnerabilities. These flaws compromise not only the confidentiality, availability, and integrity of data but also the dependability and security of vital infrastructure functions. The section that follows examines both cryptographic and non-cryptographic security methods designed to mitigate these risks, protect system components, and ensure the safe and continuous operation of the smart grid in response to these challenges.

6. Smart Grid Risks

Smart grid risks are based on potential threats and vulnerabilities that compromise the privacy, security, reliability, functionality, and availability of smart grid systems, networks, and services [212]. Physical incidents or natural disasters often cause these risks. Therefore, it is essential to understand how to manage these risks (see Figure 6) to ensure a safe, reliable, and operational smart grid infrastructure [213].

6.1. Risk Types

Smart grids are subject to various risks that impact their reliability, security, and functionality. To manage these risks effectively, a risk management strategy must be adopted to establish emergency response plans, ensure proper physical security measures, and promote a culture of security and awareness among personnel. Safety-based and security-based risks are the two categories into which risk types are categorized. Mitigating risks requires implementing cyber-security strategies and measures [7] to reduce the impact and likelihood of the evident risks by adopting the right risk mitigation measures [214,215], where the main ones are presented in Table 17.

6.2. Risk Assessment and Evaluation

Identification, analysis, and evaluation of potential risks and vulnerabilities related to the infrastructure of the smart grid, including CPS [216], are necessary for risk assessment [217]. Determining the possibility of a potential attack and evaluating its impact involves assessing the infrastructure, software, hardware, devices, networks, technologies, procedures, and human factors [218,219]. The smart grid risk assessment includes several key steps, which are presented in Table 18.
Before analyzing risks in smart grids, one must first establish their relevance by assessing their likelihood and potential consequences should they occur [217,220]. This requires prioritizing them before mitigating them [221]. Risk mitigation should be a mandatory iterative process to improve and adapt to changing circumstances and varying risks to maintain smart grids’ resiliency, security, and robustness [222]. Therefore, risk evaluation in smart grids involves different steps listed and described in Table 19. As a result of these risks, many security-related solutions presented by different authors are highlighted and analyzed.

6.3. Risk Mitigation

Mitigating risks requires implementing cybersecurity strategies and measures [7] to reduce the impact and likelihood of the evident risks by adopting the right risk mitigation measures [214,215]. The main risk mitigation measures are presented in Table 20 and are summarized in Table 21.

6.4. Linking Risks to Security Solutions

Having identified the various risks and vulnerabilities that threaten smart grid infrastructure, it is crucial to bridge the gaps by implementing the right sophisticated security measures targeted at overcoming these threats, vulnerabilities, and attacks. Table 22 maps common smart grid risks to relevant security solutions, creating a strategic link between vulnerabilities and mitigation strategies.

7. Existing Security Solutions

This section outlines a range of security solutions designed to mitigate the specific risks and vulnerabilities mapped in Table 22. It also provides a comprehensive overview of countermeasures, categorized into cryptographic and non-cryptographic techniques, to address the vulnerabilities identified in the previous section. The goal of these technologies is to increase the smart grid’s resilience to the most serious cyber–physical threats.
Securing smart grids is not an easy task. Cryptographic and non-cryptographic solutions serve different purposes in securing and protecting smart grids from various security attacks and threats while maintaining high accuracy and without affecting performance; combining the two is therefore crucial. This is done by analyzing the data and extracting its valuable insights to identify energy theft and smart meter tampering, and to support accurate prediction, management of grid frequency and voltage fluctuations, energy storage optimization, fault diagnosis, equipment failure prediction, and maintenance schedules [223,224], so that a report can be issued to repair the problem with the least possible delay [225].
To strengthen the practical dimension of this proposed work, real-world examples and performance-oriented enhancements are integrated into the discussion. Lightweight cryptographic algorithms, such as Elliptic Curve Cryptography (ECC) and AES-CCM, have been adopted in AMI due to their balance between security strength and computational efficiency, making them particularly suitable for resource-constrained smart grid devices. In parallel, non-cryptographic methods, including anomaly-based detection systems and dynamic risk scoring, have been implemented in various pilot deployments to enhance system responsiveness and resilience. Notably, machine-learning-based intrusion detection systems trained on datasets like ICS-CERT and KDD Cup have shown promising results, achieving high detection accuracy and minimal false positives. These real-world applications and performance evaluations provide a concrete basis for the effectiveness and feasibility of the solutions presented, underscoring their relevance in modern smart grid security architectures.

7.1. Cryptography Solutions

Cryptography plays a crucial role in ensuring the security and privacy of smart grids as it achieves data confidentiality through symmetric encryption, data integrity and message authentication via Message Authentication Codes (MACs) or digital signatures, and system and data availability through the use of available servers and backup devices, respectively. Entity authentication can be achieved via a cryptographic protocol that utilizes either symmetric encryption or asymmetric encryption, with non-repudiation ensured through digital signatures and certificates. Besides, secure and robust key management via secure generation, distribution, and management of cryptographic keys is mandatory. By employing these cryptographic techniques, data and user safety, security, privacy, and integrity can be protected against data tampering and breaches, as well as securing and protecting critical information and operations within the grid infrastructure in real time. Hence, a list of cryptography-based solutions is presented as follows (see Table 23).

7.1.1. Cryptographic Protocols

In [226], Mahmood et al. presented an Elliptic Curve Cryptography (ECC)-based lightweight authentication scheme for smart grids to secure underlying communication between substations and the corresponding control centre. The scheme is said to provide mutual authentication with low computational and communication costs while also withstanding all known security attacks. Additionally, in [227], Sadhukhan et al. proposed a new lightweight scheme for mutual authentication using Elliptic Curve Cryptography (ECC) to enhance the robustness of the smart grid against various security threats in complex, delay-sensitive smart grid network communication. The simulation results demonstrated that the scheme is sufficiently efficient to be implemented in a realistic scenario.
In [228], Kumar et al. presented a message encryption algorithm that can be employed in smart grid distribution system hardware, using a new Time Authenticated Cryptographic Identity Transmission (TACIT) algorithm hardware chip to secure grid communication. After this, in [229], Kumar et al. addressed the smart grid and nuclear power plant security issues and presented the latest Time Authenticated Cryptographic Identity Transmission (TACIT) cryptographic algorithm. The simulation showed that TACIT achieved good results when integrated with embedded hardware and Field Programmable Gate Array (FPGA) to provide grid data security from the distribution end to consumers or vice versa. Also, in [230], Kumar et al. presented a validation system dependent on Elliptic Curve Cryptography (ECC) to secure the smart grid, especially regarding validation and data protection. The formal verification was achieved using the ProVerif tool along with Burrows–Abadi–Needham logic (BAN logic), and, based on the conducted analysis, the system demonstrated its efficiency in terms of operation, storage, and transmission costs, as well as against numerous security attacks. The authors continued their work, and in [231], Kumar et al. presented the cryptography-based substitution box (S-box) Advanced Encryption Standard (AES) to securely manage Supervisory Control and Data Acquisition (SCADA) networks. These methods can be merged with smart grid communication hardware and grid distribution as an integrated chip to secure the smart grid and plants by incorporating secure hardware. Lastly, in [232], Kumar et al. successfully designed a cryptographic Advanced Encryption Standard (AES) algorithm hardware chip for a smart grid in Xilinx 14.7 software before simulating its functionality with cryptographic encryption and decryption to ensure secured smart grid data communication.
On the other hand, in [233], Mishra et al. presented an anonymous session key agreement protocol for the smart grid environment, which uses fog as a specialized middle layer technique to establish efficient communication. The protocol is said to achieve desirable security goals and performance attributes.
In fact, all recent cryptographic approaches are designed to be lightweight, reducing the required latency and resources and responding better to hardware limitations, especially in the case of tiny IoT devices.
In [234], Tanveer et al. devised a lightweight AuthentiCation (AC) protocol for a smart grid called LACP-SG. LACP-SG employs the hash function, “Esch256”, and “authenticated encryption” to accomplish the AC phase and ensures secure data exchange between the smart meter (SM) and server by validating the SM’s authenticity. Demonstrations showed that it is less resource-intensive and achieves better security characteristics. In [235], Park et al. presented an efficient system to address security and privacy problems to overcome the limitations of data aggregations in terms of cryptographic overhead. The experiments demonstrated that the scheme is efficient and can easily distinguish benign users and bad actors. In [236], Badar et al. presented a lightweight mutual authentication scheme to offer surveillance to smart meters in smart grid infrastructure. The analysis revealed that the scheme is efficient against well-known security threats.
In resource-constrained IoT environments, lightweight cryptographic algorithms, such as post-quantum and privacy-preserving techniques, can protect smart grid components from changing cyberthreats while preserving efficiency. One real-world example is their use in smart meters, where low-level encryption guarantees the safe transmission of real-time energy consumption data without exhausting the computational power of the device.

7.1.2. Blockchain Approaches

Apart from cryptographic protocols, blockchain approaches were also used as a solution that overcomes the drawbacks of cryptographic protocols (see Table 24). In [237], Wang et al. addressed the security issues surrounding real-time power transmission (i.e., DDoS) and presented a reliable and efficient authentication protocol by combining Elliptic Curve Cryptography (ECC), a dynamic Join-and-Exit mechanism, and batch verification with blockchain technology. The experimental results showed that the protocol achieves enhanced security and performance. In [238], Liu et al. presented a multi-dimensional data aggregation scheme based on certificate-less public key cryptography for smart grids. This scheme uses a Paillier homomorphic encryption system within a fog-computing-based architecture, implementing authentication and key negotiation among member users. Performance analysis showed that it can effectively reduce the computational overhead of both smart meters and aggregators compared to other schemes. In [239], Sani et al. introduced SDAG as a blockchain-enabled secure data awareness model that enables energy nodes to provide visibility into energy operations without involving energy operators in the smart grid. SDAG includes a Registration Protocol (RPro) that assigns a cryptographic identity to an energy node and a Data-Aware Protocol (DAPro) that executes data awareness with the support of a shared secret session key. The model was applied to mitigate the State Estimator (SE) loss due to contracting data in a real-world energy grid. In [240], Oberko et al. presented an Ethereum-blockchain-oriented secure access regulation design that upholds traceability and revocability to resolve smart grid problems, utilizing the Decisional Bilinear Diffie–Hellman (DBDH) complex theory to secure the system against multiple attacks. The analysis revealed that this design achieves shorter overhead duration in the phases of generating the public key, data encryption, and decryption. In [241], Bitirgen et al. presented a method that detects false data injection attacks in smart grids by optimizing Convolutional Neural Networks — Long Short-Term Memory (CNN-LSTM) with Particle Swarm Optimization (PSO). The results showed that this model outperformed other deep learning (DL) models with a high accuracy rate that provides decision support for smart grid operation systems.
Blockchain technologies provide decentralized trust, tamper resistance, and transparent auditing, making them ideal for safe data sharing and transaction validation in real-world smart grid environments. For instance, the blockchain can be utilized in peer-to-peer energy trading networks, enabling prosumers to safely trade excess solar energy with neighbors without the need for a central authority or intermediary.
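The additive homomorphism that Paillier-based aggregation schemes such as the one in [238] build on can be shown in a short program; this is an added example, not the scheme of Liu et al. and not code from the article. It assumes toy fixed primes, constructed meter readings, and hypothetical function names, and it leaves out the authentication and key negotiation that the cited scheme adds.

```python
import math
import secrets

# Constructed toy parameters: two well-known Mersenne primes. A deployment
# would generate random primes of at least 1024 bits each.
P = 2**31 - 1
Q = 2**61 - 1

# Constructed sample input: interval readings of five smart meters, in Wh.
READINGS_WH = [1230, 870, 2045, 0, 1512]


def keygen(p=P, q=Q):
    """Return (n, private_key). The generator is fixed to g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    # With g = n + 1, L(g^lam mod n^2) = lam mod n, so mu = lam^-1 mod n.
    mu = pow(lam, -1, n)
    return n, (lam, mu)


def encrypt(n, m):
    """Meter side: encrypt reading m under the control centre's public key n."""
    if not 0 <= m < n:
        raise ValueError("reading out of range for this modulus")
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1  # fresh randomness per ciphertext
        if math.gcd(r, n) == 1:
            break
    # g^m = (1 + n)^m = 1 + m*n (mod n^2)
    return (1 + m * n) % n2 * pow(r, n, n2) % n2


def aggregate(n, ciphertexts):
    """Aggregator (fog node) side: multiply ciphertexts, never decrypting.

    The product of ciphertexts decrypts to the sum of the plaintexts, so the
    aggregator forwards one value and learns no individual reading.
    """
    n2 = n * n
    acc = 1
    for c in ciphertexts:
        acc = acc * c % n2
    return acc


def decrypt(n, private_key, c):
    """Control-centre side: recover the plaintext (here, the aggregate)."""
    lam, mu = private_key
    x = pow(c, lam, n * n)
    return (x - 1) // n * mu % n


# Caveats: the sum of all readings must stay below n, and Paillier
# ciphertexts are malleable by design, so each submission still needs to be
# authenticated (signature or MAC) by a separate mechanism.

if __name__ == "__main__":
    n, priv = keygen()
    cts = [encrypt(n, m) for m in READINGS_WH]
    print("aggregate consumption (Wh):", decrypt(n, priv, aggregate(n, cts)))
```
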

7.2. Non-Cryptography Solutions

Cryptography plays a crucial role in securing smart grids, particularly in terms of data security. However, security solutions can be based on a non-cryptographic approach to detect and prevent intruders in addition to correcting the damage at a lower latency time and reinforcing the security level with an acceptable trade-off. This also requires providing additional layers of security while allowing them to be linked with cryptographic techniques to provide comprehensive security for smart grids. The main non-cryptography solutions presented below include anomaly/cyberattack detection and honeypot solutions.

7.2.1. Anomaly Detection

Anomaly detection is essential in smart grids due to the vast amount of data generated by IoT devices in real time, including energy consumption and grid conditions. These techniques identify and analyze abnormal patterns and behaviors to ensure the smart grid’s safety, security, and reliability while also enabling efficient energy management. As a result, various anomaly-detection-based solutions were presented (see Table 25) that can be based on statistical or machine learning approaches (unsupervised, supervised, or semi-supervised).
In [242], Yaacoub et al. presented a survey that discusses the security and safety issues, limitations, challenges, and solutions of federated learning with IoT systems, especially involving CPS and smart grid systems. In [243], Liu et al. presented a statistical-based anomaly detection method to detect consumption anomalies in a real-time manner. The results demonstrated the effectiveness and scalability of the proposed lambda detection system. Among unsupervised learning approaches, Menon et al. [244] identify anomalies in the smart grid traffic and detect flooding and DoS attacks in smart grid networks, using the k-Means clustering algorithm to cluster traffic data and outlier detection for the transmitted data. The results showed that it has a higher percentage in anomaly detection. Also, Karimipour et al. [245] presented an unsupervised anomaly detection scheme based on a statistical correlation between measurements to differentiate between an actual fault, a disturbance, and an intelligent cyberattack. The results showed that the scheme achieves an accuracy of 99%, a true-positive rate of 98%, and a false-positive rate of less than 2%.
In [246], El-Awadi et al. presented a strategy to detect anomalies in the edge of the smart grid using a fog computing approach that detects anomalous patterns in the electricity consumption data via collaboration of distributed devices at the edge of the smart grid network to reduce communication delay. In [247], Marino et al. presented a cyber–physical sensor called Industrial (Control Systems) Resilient Security Technology (IREST) that detects anomalies by considering both cyber and physical disturbances in a complex system, providing a scalable framework for cyber–physical security research.
In [248], Li et al. presented a privacy-preserving anomaly-based data falsification attack detection over Fully Homomorphic Encrypted (FHE) data that performs the needed computations to detect attacks over encrypted individual customer smart meter data. The experimental results show that injection of false power consumption is detected within 11–17 s of execution time, depending on the accuracy.
In [249], Abdelkhalek et al. presented a supervised Machine Learning (ML)-based Anomaly Detection System (ADS) to detect various stealthy IT and OT attacks on DER communication. The experimental results showed that the system has a detection rate of 98.4%, a false-positive rate of 0.28%, and a false-negative rate of 1.32%. In [250], Takiddin et al. presented an adoption of deep (stacked) auto-encoders with a Long Short-Term Memory (LSTM)-based sequence-to-sequence (seq2seq) structure to capture the sophisticated data patterns and exploit the time-series nature of data. The simulation results showed an enhancement of 4–21% and 4–13% in detection and false alarm rates. In [251], Nafees et al. presented an approach based on physics-informed hybrid deep-learning detection using a process control-based variational autoencoder, prior knowledge of physics, and Long Short-Term Memory to detect false data injection attacks. The experimental results show that the accuracy of the lowest reconstruction error is 96.9%. In [252], Abdel et al. introduced a novel privacy-preserving Federated semi-Supervised Class-Rebalanced (Fed-SCR) framework to detect anomalous power data in fog-assisted smart grids while maintaining communication efficiency. The evaluation results showed that the industrial smart grid (ISG) achieves an accuracy of 97.28% in binary classification and between 96.36 and 95.04% in multi-class classification. In [253], Siniosoglou et al. presented an IDS called MENSA (anoMaly dEtection aNd claSsificAtion), which adopts a novel Autoencoder-Generative Adversarial Network (GAN) architecture to detect operational anomalies and classify cyberattacks. The evaluation results showed that MENSA achieves high accuracy with a low False-Positive Rate (FPR). In [254], Aribisala et al. presented a hybrid Multilayer Perceptron (MLP) Sequential-Feed Forward Neural Network (SEQ-FFNN) as a self-learning model that performs a principal component analysis, hyper-parametrization, testing, training, and prediction of accurate outputs per code iteration. The results showed that the detection accuracy achieved 98.97% for tanh-activated layers and 99.59% for the Sigmoid-activated model. In [255], Jithish et al. presented a federated learning (FL)-based smart grid anomaly detection scheme where ML models are trained locally in smart meters without sharing data with a central server to ensure users’ privacy while securing model parameter updates for the Secure Sockets Layer/Transport Layer Security (SSL/TLS) protocol. The study showed that it performs efficiently regarding memory, bandwidth, CPU usage, and power consumption at edge devices and can be deployed in resource-constrained environments.
In [256], Stryczek et al. focused on the Internet of Energy (IoE) devices and network resources [257,258]. They considered three machine learning techniques, including Long Short-Term Memory (LSTM), Isolation Forest (IF), and Support Vector Machine (SVM), while also describing the data preparation process. The authors also showed that a more accurate classification can be achieved by increasing the number of analyzed features. In [3], Sahani et al. surveyed the concept of Machine learning (ML)-based Intrusion Detection System (IDS) approaches in smart grids, especially in transmission and distribution-side power components of a smart power grid while taking into consideration the security aspect. Meanwhile, several solutions were presented, such as the following: In [259], Karimipour et al. presented an unsupervised anomaly detection based on a statistical correlation between measurements and using symbolic dynamic filtering (SDF) to reduce the computational burden. The results showed an accuracy of 99%, with a true-positive rate of 98%. In [260], Dairi et al. presented an enhanced cyberattack detection strategy using unlabeled data to monitor ICS traffic and detect suspicious data transmissions, with two semi-supervised hybrid deep-learning-based anomaly detection methods being designed for intrusion detection in ICS traffic of the smart grid. The experimental results show that this strategy achieved enhanced detection with an averaged F1-score of 0.98. In [261], Babar et al. presented a secure Demand-Side Management (DSM) engine using machine learning for the IoT-enabled grid to preserve the efficient utilization of energy. In contrast, a specific resilient model was presented to control intrusions in the smart grid. Analysis showed that the projected DSM engine is less vulnerable to intrusion and effective enough to reduce power utilization. 
Finding unusual patterns and strange behaviors in smart grid operations that indicate cyberattacks or system failures requires the use of anomaly detection techniques, especially those based on machine learning. Anomaly detection, for instance, can be used to track grid voltage shifts and identify any sudden variations that could point to a substation equipment failure or a False Data Injection Attack (FDIA).
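The voltage-tracking use case above can be made concrete with a small statistical detector; the following is an added example, not code from the article or from any of the surveyed works. It scores each sample with a rolling median/MAD z-score and cross-checks two sensors on the same bus; the window size, threshold, sensor pairing, and sample values are all assumptions constructed for illustration.

```python
from collections import deque
from statistics import median

# Constructed sample stream: (time step, primary sensor, redundant sensor),
# voltages in per-unit. Step 10 is a sag seen by both sensors; at step 13
# only the primary sensor's reported value jumps.
SAMPLES = [
    (0, 1.000, 1.001), (1, 1.002, 1.000), (2, 0.999, 1.002),
    (3, 1.001, 0.999), (4, 1.000, 1.001), (5, 0.998, 1.000),
    (6, 1.001, 0.998), (7, 1.000, 1.002), (8, 1.002, 1.001),
    (9, 0.999, 1.000), (10, 0.900, 0.902), (11, 1.001, 0.999),
    (12, 1.000, 1.001), (13, 1.060, 1.000), (14, 0.999, 1.001),
]


def robust_z(window, value):
    """Z-score of value against the window, using median and MAD.

    Median/MAD is used instead of mean/standard deviation so that one earlier
    outlier in the window cannot inflate the scale and hide the next one.
    """
    med = median(window)
    mad = median(abs(x - med) for x in window)
    # 1.4826 scales MAD to a normal standard deviation; the floor keeps a
    # perfectly flat window from producing a zero scale.
    scale = max(1.4826 * mad, 1e-3)
    return (value - med) / scale


def classify_stream(samples, window=8, threshold=6.0):
    """Return [(t, label)] for every sample where a sensor deviates.

    physical_disturbance: both sensors deviate in the same direction, which is
        consistent with a real event on the bus (sag, swell, equipment fault).
    measurement_mismatch: the sensors disagree, which points at the
        measurement itself (sensor failure or a falsified reading) and needs
        investigation. Readings falsified consistently on both sensors are
        not separable by this check.
    """
    hist_a, hist_b = deque(maxlen=window), deque(maxlen=window)
    alerts = []
    for t, va, vb in samples:
        if len(hist_a) == window:
            za, zb = robust_z(hist_a, va), robust_z(hist_b, vb)
            a_out, b_out = abs(za) > threshold, abs(zb) > threshold
            if a_out and b_out and za * zb > 0:
                alerts.append((t, "physical_disturbance"))
                continue
            if a_out or b_out:
                alerts.append((t, "measurement_mismatch"))
                continue
        # Only unflagged samples extend the baseline, so an anomaly cannot
        # teach the detector that it is normal. The cost is that a legitimate
        # permanent level change keeps alerting until an operator resets it.
        hist_a.append(va)
        hist_b.append(vb)
    return alerts


if __name__ == "__main__":
    for t, label in classify_stream(SAMPLES):
        print(t, label)
```
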

7.2.2. DDoS Detection

DDoS attacks can flood the smart grid’s network with traffic, overwhelming its capacity and causing it to crash, which can result in a partial or total power outage and/or a cascading blackout, burnout, or brownout [262]. However, by implementing DDoS detection and prevention mechanisms, smart grid incident responders can quickly react by identifying the type of attack, activating the necessary countermeasures, and isolating systems and devices if necessary. This will prevent and minimize power disruptions and ensure the smart grid’s resiliency and reliability. As a result, several recent solutions were presented to mitigate this threat (see Table 26), such as in [263], where Ghanbari et al. described an anomaly detection method that improves the detection rate of DDoS attacks in smart grids. This was done by increasing the training classification and testing phases in a Convolutional Neural Network (CNN), using a full version of the Variance Fractal Dimension Trajectory (VFDTv2) and a Support Vector Machine (SVM), and applying the Discrete Wavelet Transform (DWT). The implementation managed to detect DDoS attacks with an accuracy of 87.35%. In [209], Acarali et al. presented a compromise propagation model alongside a behavioral DDoS model to explore how dependencies between the grid’s networks might influence the scale and impact of DDoS attacks. The results showed how these models could be considered in the future as an alternative to graph-based modeling for predicting the interconnected network vulnerabilities within smart grid critical infrastructure. In [264], Torres et al. presented iCAD as an information-centric architecture, extending their earlier iCAAP architecture to show its effectiveness in mitigating DoS/DDoS attacks. The simulation results demonstrated that iCAD can successfully handle DDoS traffic and meet the QoS expectations of applications. In [265], Merlino et al. developed a situational awareness tool to detect system compromise by monitoring the Indicators of Compromise (IOCs) of amplification DDoS attacks and exploring attack footprints to understand their nature and cyber behavior. The tool was tested against a real dataset of DDoS attack instances and successfully distinguished and detected different types of amplification DDoS attacks. In [210], Diaba et al. presented a hybrid deep learning algorithm that focuses on DDoS attacks on the smart grid’s communication infrastructure, using the Convolutional Neural Network (CNN) and the Gated Recurrent Unit (GRU) algorithms. The simulation results showed that the algorithm outperforms the current intrusion detection algorithms with an accuracy of 99.7%. In [266], Ortega et al. presented a comprehensive and systematic analysis of DoS attacks in the smart grid along with their effects, while discussing detection and mitigation techniques against DoS attacks in the smart grid using reinforcement learning (RL) algorithms. DDoS detection techniques are crucial for preserving the availability of the smart grid’s control systems and communication channels, particularly in high-load, attack-prone conditions. One interesting use case involves using DDoS detection at a utility’s data aggregation server gateway, where real-time traffic analysis can pinpoint flooding efforts before they interfere with meter-to-grid interactions.
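The gateway use case above, as an added example (not code from this review or from the cited works): a windowed detector learns the gateway's normal message rate with an exponentially weighted moving average (EWMA), flags windows that exceed it, and separates single-source from distributed floods. The meter IDs, window length, and thresholds are assumptions, and the traffic is constructed.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass
class Alert:
    window_start: int   # first second of the flagged window
    kind: str           # "single-source flood" or "distributed flood"
    rate: int           # messages received in the window
    baseline: float     # learned normal rate at the time of the alert
    top_sources: list   # heaviest senders, candidates for rate limiting


class GatewayFloodDetector:
    """Learns the gateway's normal per-window message rate and flags floods."""

    def __init__(self, window=10, alpha=0.2, k=4.0, warmup=3, top_share=0.5):
        self.window = window        # window length in seconds (assumed)
        self.alpha = alpha          # EWMA smoothing factor
        self.k = k                  # deviations above baseline that raise an alert
        self.warmup = warmup        # clean windows required before alerting
        self.top_share = top_share  # traffic share that marks a single-source flood
        self.mean = None            # EWMA of the message rate
        self.dev = 0.0              # EWMA of the absolute deviation
        self.seen = 0               # clean windows absorbed so far

    def _learn(self, rate):
        if self.mean is None:
            self.mean = float(rate)
        else:
            err = rate - self.mean
            self.dev = (1 - self.alpha) * self.dev + self.alpha * abs(err)
            self.mean += self.alpha * err
        self.seen += 1

    def score_window(self, start, sources):
        """Score one window; `sources` holds the sender ID of every message."""
        counts = Counter(sources)
        rate = sum(counts.values())
        if self.seen >= self.warmup:
            # Floor the deviation so very steady meter traffic does not make
            # the threshold collapse onto the mean.
            threshold = self.mean + self.k * max(self.dev, 1.0)
            if rate > threshold:
                top = counts.most_common(3)
                single = top[0][1] / rate >= self.top_share
                kind = "single-source flood" if single else "distributed flood"
                # Flagged windows are not learned, so an attacker cannot
                # drag the baseline upward.
                return Alert(start, kind, rate, round(self.mean, 1),
                             [src for src, _ in top])
        self._learn(rate)
        return None

    def run(self, events):
        """events: iterable of (epoch_second, source_id) pairs."""
        buckets = {}
        for ts, src in events:
            buckets.setdefault(ts - ts % self.window, []).append(src)
        alerts = []
        if not buckets:
            return alerts
        # Walk every window in order, including silent ones.
        for start in range(min(buckets), max(buckets) + 1, self.window):
            alert = self.score_window(start, buckets.get(start, []))
            if alert:
                alerts.append(alert)
        return alerts


def constructed_traffic():
    """Constructed sample: 20 meters reporting every 10 s, plus two floods."""
    events = []
    meters = [f"m{i:02d}" for i in range(20)]
    for i in range(10):                        # ten 10-second windows
        t0 = i * 10
        for n, meter in enumerate(meters):
            events.append((t0 + n % 10, meter))    # scheduled report
            if n < i % 3:
                events.append((t0 + 9, meter))     # occasional retransmission
        if i == 6:      # one misbehaving meter floods the gateway
            events += [(t0 + j % 10, "m07") for j in range(300)]
        if i == 8:      # many unknown senders, a few messages each
            events += [(t0 + j % 10, f"x{j % 150:03d}") for j in range(450)]
    return sorted(events)


if __name__ == "__main__":
    for alert in GatewayFloodDetector().run(constructed_traffic()):
        print(alert)
```

Because meters report on a schedule, the baseline is narrow and both floods stand out within a single window; the distributed case cannot be handled by per-source rate limiting alone, which is why the alert type is reported separately.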
Table 25. Smart grid anomaly detection and security approaches.

| Year | Ref. | Type | Description | Characteristics | Advantages | Drawbacks | Limitations | Challenges | Improvements |
|---|---|---|---|---|---|---|---|---|---|
| 2016 | [243] | Statistical | Real-time consumption anomaly detection using lambda detection system | Statistical model, real-time monitoring | Effective and scalable | Limited to statistical patterns | Might not adapt well to non-linear anomalies | Handling evolving data patterns | Integration with ML-based methods |
| 2016 | [244] | Unsupervised ML | k-Means clustering for anomaly detection in smart grid traffic | Unsupervised learning, clustering-based | High anomaly detection rate | Depends on clustering performance | Hard to interpret clusters | Real-time processing and adaptability | Hybrid approach with supervised methods |
| 2019 | [245] | Unsupervised ML | Statistical correlation-based scheme for anomaly detection | Correlation analysis, unsupervised | High accuracy and true-positive rate | Requires extensive historical data | Lower performance with noisy data | Differentiating between faults and attacks | Enhanced preprocessing and feature selection |
| 2019 | [246] | Fog computing | Fog-based anomaly detection at the edge in smart grid | Distributed detection, low latency | Reduces communication delay | Complex deployment and maintenance | Limited computational resources | Device synchronization and coordination | Edge-cloud collaboration models |
| 2019 | [247] | Cyber–physical sensor | IREST sensor to detect anomalies in ICS environments | Cyber–physical integration, scalable design | Scalable framework for ICS security | Needs comprehensive deployment | May miss application-specific threats | Calibration and tuning for various environments | Integration with threat intelligence |
| 2022 | [248] | FHE-based | FHE-based anomaly detection over encrypted smart meter data | Fully homomorphic encryption, secure computation | Preserves privacy while detecting falsified data | Computationally intensive | Execution time dependent on accuracy level | Efficient computation over encrypted data | Optimization of homomorphic operations |
| 2022 | [249] | Supervised ML-based ADS | Anomaly detection system for DER communication | High accuracy, low false-positive and false-negative rates | Effective in detecting stealthy IT/OT attacks | Relies on labeled data | Limited generalizability across domains | Data labeling, real-time adaptability | Enhance domain adaptability, reduce reliance on labeled data |
| 2022 | [250] | Deep Autoencoders and LSTM seq2seq | Captures complex time-series patterns in grid data | Layered structure, temporal sequence modeling | Improved detection and lower false alarms | High computational cost | Needs high-quality time-series data | Deployment on edge devices | Optimize for lightweight deployment |
| 2022 | [251] | Physics-informed hybrid deep learning | Detects false data injection using physics-based priors | Uses variational autoencoder and LSTM | High detection accuracy, physics-aware | Complex model integration | Scalability to large-scale systems | Computational efficiency | Improve scalability and real-time inference |
| 2022 | [252] | Federated semi-supervised class-rebalanced | Anomaly detection in fog-assisted grid with Fed-SCR | Semi-supervised, federated, privacy-preserving | Efficient and private | Class imbalance issues | Complex implementation | Model synchronization and imbalance | Refine rebalancing strategies |
| 2021 | [253] | Autoencoder-GAN based IDS | MENSA: anomaly detection and classification | GAN with autoencoder for smart grid | High accuracy, low FPR | Training complexity | Training stability of GANs | Deployment in real-time systems | Stabilize GAN training, adapt to grid dynamics |
| 2022 | [254] | Hybrid MLP SEQ-FFNN | Self-learning IDS with hyperparameter tuning | Multilayer, PCA, tanh/sigmoid activation | High detection accuracy | Overfitting risk | Performance drops on unseen patterns | Maintaining generalization | Incorporate regularisation and validation techniques |
| 2023 | [255] | Federated learning-based anomaly detection | Local training on smart meters, secure updates | FL, privacy-focused, efficient | Privacy-preserving, scalable | Communication overhead | Dependency on reliable connections | Resource constraints at edge | Reduce bandwidth needs, improve fault tolerance |
| 2023 | [256] | ML-based anomaly detection | Focused on Internet of Energy (IoE) devices using LSTM and SVM for intrusion detection | Multiple ML techniques, attention to feature engineering and preparation | Improved classification accuracy with more features | No mention of real-time testing, assumes sufficient computational resources | Scalability in real-world deployments, dependency on feature quality | Data heterogeneity and privacy in IoE environments | Increase the number of features analyzed for better accuracy |
| 2019 | [259] | Experimental Study | Unsupervised anomaly detection using statistical correlations and SDF | Reduced computational burden using symbolic dynamic filtering | High accuracy (99%) with low false positives | Focus limited to correlation-based attacks | Limited scope to certain types of anomalies | Model generalization to broader attacks | Integration with other detection layers |
| 2023 | [260] | Experimental Study | Semi-supervised hybrid DL anomaly detection for ICS traffic | Used unlabeled data for real-world intrusion detection | High F1-score (0.98) and effective with unlabeled data | Potential complexity in hybrid model tuning | Testing confined to ICS environments | Generalization to varied smart grid architectures | Adaptation to more diverse datasets |
| 2020 | [261] | Experimental Study | DSM engine for IoT-based smart grids with intrusion control | Focused on DSM and secure energy optimization | Reduced power use and improved intrusion resilience | Limited evaluation under diverse attack types | Does not explore detailed ML design | Real-time deployment and feedback integration | Broaden ML feature set and adaptive response mechanisms |
Table 26. Smart grid DDoS detection and security approaches.

| Year | Ref. | Type | Description | Characteristics | Advantages | Drawbacks | Limitations | Challenges | Improvements |
|---|---|---|---|---|---|---|---|---|---|
| 2022 | [263] | DDoS Detection | Anomaly detection using CNN, VFDTv2, SVM, and DWT to improve DDoS detection rate in smart grids | Hybrid DL/ML, signal processing-based features | Multi-technique detection, good accuracy (87.35%) | Moderate performance, may require complex preprocessing | Model generalizability and real-time deployment not assessed | Latency and scalability on smart grid nodes | Streamlined preprocessing and edge optimization |
| 2022 | [209] | Modeling | DDoS propagation model capturing interdependencies and grid network behavior | Dependency modeling, behavioral analytics | Network-level insight into attack spread | Requires extensive graph data | Abstract representation without live data validation | Integrating into operational grid infrastructure | Empirical validation and hybridization with graph-based detection |
| 2022 | [264] | DDoS Mitigation | iCAD architecture extended from iCAAP to mitigate DDoS while preserving QoS | Information-centric, layered defense | QoS-aware protection against DoS/DDoS | Simulation-based, requires validation | Scalability and real-world deployment untested | Compatibility with legacy grid protocols | Testbed deployment and integration into smart grid middleware |
| 2022 | [265] | Situational Awareness | IOC-based DDoS detection tool tested on real amplification DDoS datasets | IOC analysis, amplification attack profiling | Effective in real-data scenarios | Focus on specific DDoS types only | Does not detect non-amplification DDoS attacks | Broader coverage and automated IOC update | Extension to adaptive IOC engines and real-time correlation |
| 2023 | [210] | Hybrid DL (CNN-GRU) | Hybrid DL-based model for detecting smart grid DDoS with CNN-GRU | Temporal and spatial learning via CNN-GRU | High detection accuracy (99.7%) | Model complexity may hinder deployment | No deployment context or system resource test | Balancing performance with runtime cost | Model compression or quantization for edge deployment |
| 2023 | [266] | Review | Review of DoS attack impact, detection, and mitigation using reinforcement learning | Comprehensive overview, RL-driven defense | Wide coverage and forward-looking strategy | Mainly theoretical and survey based | Lack of tested implementation | Real-world applicability of RL in smart grid | Pilot RL deployments and benchmark comparisons |

7.2.3. Honeypot Solutions

Using honeypots in smart grids can be an effective security strategy to detect cyberattacks and identify their source by creating a dummy system that tricks the attacker and collects data about them instead [8]. Honeypots can be deployed at various points within the smart grid’s critical infrastructure, including networks and their edges. In this paper, several honeypot-based solutions are presented (see Table 27). In [267], Albaseer et al. presented a deep learning (DL)-based model with a Long Short-Term Memory Recurrent Neural Network (LSTM RNN) architecture that addresses the vast amount of data gathered in log files and the limited capacity of smart grid devices, while combining weak labels to preserve their contribution during training. The experimental results show that it achieves 99.8% test accuracy while using only 25% of the features. In [268], Izzuddin et al. deployed a GridPot honeypot to collect threat data targeting the smart grid system. They analyzed the collected threat data by mapping them to the MITRE ATT&CK for Industrial Control Systems (ICS) framework to show how realistically these threats can harm the smart grid. In [269], Rashid et al. deployed a scalable low-interaction honeypot on Amazon Elastic Compute Cloud (AWS EC2) instances across six different regions to determine the current threat landscape and the knowledge needed to compromise an Industrial Control System (ICS). In [270], Lygerou et al. enhanced the HosTaGe honeypot specifically for IoT communication protocols over public networks for mobile Android devices. This protocol honeypot utilizes the cellular network to establish decentralized, simulated infrastructures of IoT systems across various types of IoT network protocols. The virtualized honeypot networks capture logs and analyze real-world public attacks on them. In [271], Albaseer et al. developed a privacy-preserving honeypot-based detector and cost-effective federated learning (FL) framework for efficient security model development, where two verification steps are required before forming the global model. In this model, the Traditional Power Retailers (TPRs) encourage the Small-scale Power Suppliers (SPSs) to share their collected honeypot logs by designing proper rewards. The extensive simulations show that the presented solution outperforms existing approaches. In [272], Auti et al. presented HoneyTrack as a lightweight and very efficient tool that can be easily and quickly installed in any system to help trace attackers back to their source. The honeypot was set up in the Microsoft Azure cloud to monitor the attacks that targeted the authors’ server. The testing results show that companies can launch security policies based on the results of HoneyTrack. In [273], Abdulqadder et al. proposed a Directed Acyclic Graph (DAG) blockchain architecture, where IoT mobile users in the 5G network are authenticated via the Access Points (APs). The experimental results show that this model outperforms existing approaches on QoS metrics, including bandwidth, response time, delay, packet loss, detection accuracy, and authentication time. To facilitate proactive threat intelligence and forensic investigation, honeypot solutions serve as decoys to deceive and track attackers without disclosing real smart grid assets. Placing honeypots within AMI to imitate vulnerable endpoints and record malicious activity without interfering with core operations is one popular deployment method.

7.3. Forensics Solutions

Smart grid forensics involves collecting, preserving, examining, and analyzing digital evidence retrieved or found during a security-related or non-security-related incident [274]. This also requires exploring communication logs, inspecting and isolating suspected devices, and analyzing network traffic to identify the cause of the incident and prevent future similar events [275] based on the newly developed strategies. As a result, several smart-grid-based forensics solutions were presented (see Table 28). In [276], Abdullah et al. conducted a study that sheds light on the development of the proposed Smart Grid Digital Forensics Investigation Framework to support digital forensics investigations, especially in cases like the Stuxnet attack, to identify the suitability of phases to be integrated in their framework. Mohamed et al. defined and discussed the emerging area of CPS forensics and reviewed some of its presented approaches in [277]. In [278], Bhattacharjee et al. presented a taxonomy of possible data falsification strategies in AMI micro-grids before presenting a trust model based on Kullback–Leibler divergence to identify compromised smart meters and additive and deductive attacks. The experimental results show this model has a high true-positive detection rate, with a false alarm rate of 8%. In [279], Parra et al. presented a conceptual Software-Defined Network (SDN)-based security monitoring framework that is based on SDN, Network Behavior Analysis (NBA), Deep Learning Models, and DPI attack corroboration, as well as a conceptual forensic-driven security monitoring framework with digital forensics and investigation capabilities being integrated for security monitoring. Sadineni et al. presented a holistic approach based on the ISO/IEC 27043 [280] international standard that covers the diverse application domains and eliminates the overhead of employing ad hoc models in [281]. The model has three forensics phases: forensic readiness (proactive), forensic initialization (incident), and forensic investigation (reactive), and it supports diverse Internet of Things applications. In [282], Kotsiuba et al. presented a logging architecture as a methodological framework based on the recommendations of the UK National Cyber Security Center and the result of applying the OSCAR methodology and relevant open-source tools to ensure the necessary collection and storage of forensics information, as well as the legality of evidence in courts. In [283], Grammatikis et al. presented the Secure and PrivatE smArt gRid (SPEAR) architecture to protect smart grids by enhancing situational awareness, detecting timely cyberattacks, collecting appropriate forensic evidence, and providing an anonymous cybersecurity information-sharing mechanism. In [284], Le et al. addressed data confidentiality by employing ciphertext-policy attribute-based encryption to establish a fine-grained log access control while introducing a hybrid blockchain system generating novel signature chains to achieve a private log protection system, loss prevention, tamper resistance, immutability, and non-repudiation. In [285], Abdullah et al. presented a digital procedure that guides investigators in performing digital forensic investigations of Distributed Denial of Service (DDoS) and False Data Injection (FDI) attacks, especially in a smart grid environment, to ensure the evidence’s integrity during collection and analysis so that it can be used as legal evidence in court. Cyber–physical attacks on smart grid systems can be investigated, traced, and linked with the help of forensics solutions, which facilitate post-event analysis and legal accountability. One practical scenario is the use of digital forensics in the event of a substation outage, where log data from network gateways and smart meters can be utilized to reconstruct the events and identify the source of the intrusion.
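The trust model in [278] is described above only as Kullback–Leibler-based. The following added example (not the model from [278], and not code from this review) shows the underlying idea: compare each meter's current reading distribution with its own history, distrust it when the divergence is large, and use the mean shift to label the falsification as additive or deductive. The load profile, bin width, smoothing weight, and threshold are constructed assumptions.

```python
import math

BIN_KW = 0.5      # histogram bin width in kW (assumed)
NBINS = 8         # last bin collects everything at or above 3.5 kW
LAMBDA = 0.02     # weight of the uniform prior that keeps every bin non-zero
THRESHOLD = 0.25  # divergence above which a meter is distrusted (assumed)


def distribution(readings):
    """Smoothed histogram of kW readings: (1 - lambda) * empirical + lambda * uniform."""
    counts = [0] * NBINS
    for kw in readings:
        counts[min(int(max(kw, 0.0) / BIN_KW), NBINS - 1)] += 1
    n = len(readings)
    return [(1 - LAMBDA) * c / n + LAMBDA / NBINS for c in counts]


def kl_divergence(p, q):
    """D(P || Q) in nats; both inputs are smoothed, so no term divides by zero."""
    return sum(pi * math.log(pi / qi) for pi, qi in zip(p, q))


def assess(history, current):
    """Score one meter's current window against its own history."""
    d = kl_divergence(distribution(current), distribution(history))
    verdict = "trusted"
    if d > THRESHOLD:
        shift = sum(current) / len(current) - sum(history) / len(history)
        verdict = "additive" if shift > 0 else "deductive"
    return {"divergence": d, "trust": math.exp(-d), "verdict": verdict}


def audit(history, current_by_meter):
    return {m: assess(history, r) for m, r in current_by_meter.items()}


# Constructed hourly household load profile in kW (24 values).
PROFILE = [0.4, 0.3, 0.3, 0.3, 0.4, 0.6, 1.1, 1.4, 1.2, 0.9, 0.8, 0.9,
           1.1, 1.2, 0.9, 1.1, 1.3, 1.8, 2.2, 2.4, 2.1, 1.6, 0.9, 0.6]


def day(factor=1.0, offset=0.0):
    """One day of reported readings; a meter cannot report negative demand."""
    return [max(0.0, kw * factor + offset) for kw in PROFILE]


# Constructed history: one week with +/-3 % day-to-day variation.
HISTORY = [kw for f in (0.97, 1.0, 1.03, 0.97, 1.0, 1.03, 0.97) for kw in day(f)]

# Constructed current day for four meters.
CURRENT = {
    "A": day(),              # honest, ordinary day
    "B": day(offset=+0.5),   # reports 0.5 kW more than consumed
    "C": day(offset=-0.5),   # reports 0.5 kW less than consumed
    "D": day(factor=1.10),   # honest, 10 % heavier usage
}

if __name__ == "__main__":
    for meter, result in audit(HISTORY, CURRENT).items():
        print(meter, result["verdict"], round(result["divergence"], 3),
              round(result["trust"], 3))
```

Meter D shows why the threshold matters: an honest change in usage still produces a non-zero divergence, so the threshold sets the trade-off between missed falsification and false alarms.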

7.4. Ethical Hacking Solutions

In the context of smart grids, ethical hacking can play a crucial role in identifying vulnerabilities and security gaps/weaknesses in both systems and devices to help identify potential attack vectors and exploits that may jeopardize the safety and security of the smart grid domain (see Table 29). A recent ethical hackers framework was presented in [286], including tools and scenarios/situations, especially surrounding the IoT domain [287], and can be adapted to the context of smart grids. However, ethical hacking must be conducted in an authorized, responsible, professional, safe, and legal manner, especially when applying the “Red Team/Blue Team” solution that divides the penetration testing scenario into a red team serving as attackers and a blue team serving as defenders.
As critical as this domain is for smart grids, there are not many available solutions dedicated to solving this issue. Yardley et al. [288] presented a case study that works on quantification of security, formal methods, and tool creation before testing it on the AMI protocol space to prove its effectiveness. In [289], Weerathunga et al. focused on the Intelligent Electronic Device (IED) firmware system security testing to ensure early vulnerability detection that surrounds the IED communication stack and Supervisory Control and Data Acquisition (SCADA) applications. Moreover, good security practices in design and coding were also discussed. In [290], Oyewumi et al. presented the design of ISAAC, the Idaho CPS Smart Grid Cybersecurity Testbed, with several fully functional components with machine learning capabilities for CPS. In [291], Konstantinou et al. discussed how the hardware of grid equipment can be used to collect intelligence using different attack and access scenarios while examining the outcome of “hardware hacking” at device and grid operation levels. Hardware hardening techniques were also presented to make components attack-resistant and reduce their vulnerability surface. In [292], Hashimoto et al. presented the design and implementation of an integrated testing platform, where several smart inverter behavior tests were executed with results showing that this platform increases the system testing efficiency by 85% while minimizing human errors and man-hours. In [293], Heiding et al. conducted the most comprehensive study on penetration testing of connected household products, where systematic penetration tests were conducted on 22 devices in five categories related to connected homes. As a result, 17 vulnerabilities were discovered and published as new Common Vulnerabilities and Exposures (CVEs), with 52 other weaknesses.
Authorized simulated attacks on smart grid infrastructure are used in ethical hacking to find security flaws before any adversary can take advantage of them. Penetration testers can, for example, simulate an insider trying to increase privileges within the SCADA network, assisting services in locating incorrectly installed access controls and fixing serious security holes and vulnerabilities.
It is important to know that despite being popular in IT security, direct application of penetration testing and ethical hacking in OT environments, particularly legacy systems, can be dangerous and even detrimental. Since OT systems are frequently mission-critical, they are not built to withstand stress-testing or active probing methods, which could cause unanticipated failures or outages. Therefore, such testing needs to be done very carefully in smart grid contexts, ideally using digital twins, testbeds, or replicated environments instead of operational systems. Live penetration testing is not suitable for the majority of OT infrastructures due to the potential for financial losses or disruption of critical services. Key security challenges and mitigation strategies in OT-based smart grid environments are presented in Table 30.

7.5. GAN and LLM-Based Solutions

Generative adversarial networks (GANs) play a key role in enhancing smart grid security by enabling the encryption and concealment of confidential energy usage data within cover images to safeguard consumer privacy and data integrity. As a result, several solutions were presented (see Table 31). In [294], Zhang et al. presented a novel data-driven approach to synthetic dataset generation using deep GAN. This method generates synthetic samples that closely resemble real data by learning the conditional probability distribution of essential features from real datasets. The evaluation results demonstrated a convergence between real and synthetic datasets, showing that the synthetic data are indistinguishable from real data in terms of task outputs. These solutions can be used to increase the size of the dataset (in the case of a small dataset) and retrain the model to enhance its performance. On the other hand, attackers can also use these solutions to construct adversarial samples that can be used to compromise ML cybersecurity solutions.
In [295], Desai et al. presented a privacy-preserving architecture for fine-grained power data in smart grids using GANs and an obfuscator to generate synthetic time series with minimal energy difference. Therefore, it effectively addresses consumer privacy concerns in the context of smart meter data. In [296], Himthani et al. presented a method where data encryption is followed by embedding encrypted data into cover images using a GAN to enhance data security by concealing confidential information. In [297], Ezgi presented a study to investigate the transformative potential of generative artificial intelligence, particularly GANs, in addressing challenges related to load forecasting, power outage prediction, and preventive maintenance within electricity distribution companies. In [298], Munir et al. presented a novel zero-trust framework for a Power Grid Supply Chain (PGSC), which facilitates early detection of potential GenAI-driven attack vectors. Tail-based risk metrics were also introduced to quantify the risks associated with extreme attacks. The efficacy of this zero trust framework achieves 95.7% accuracy in attack generation and 99% confidence in defense against GenAI-driven attacks.
The use of LLMs offers significant potential benefits for smart grid cybersecurity and is proposed to enhance automated threat detection, incident response/decision-making, vulnerability management, and operational efficiency. However, LLMs also present challenges related to data sensitivity, resource requirements, interpretability, and ethical considerations (see Table 32). Balancing these advantages and limitations is crucial for effectively leveraging LLMs in cybersecurity. Hence, several potential solutions are presented. In [299], Shahzad et al. presented a new framework using AI and advanced data analytics for automated solution development in smart grids, aiming to streamline the software development process, capitalize on recent advancements in AI technologies, and generate revenue through various business models. In [300], Zaboli et al. introduced a novel cybersecurity framework using LLMs to detect anomalies in IEC 61850-based digital substation communications, incorporating data pre-processing and Human-In-The-Loop (HITL) training, with comparative analysis conducted across various LLMs using a Hardware-In-The-Loop (HIL) testbed to evaluate performance metrics. In [301], King et al. introduced LLMs to create automation routines in response to loosely constrained user commands, proposing Sasha, a smarter smart home assistant, to address these challenges. In [302], Dong et al. highlighted the necessity to explore both capabilities and limitations of LLMs in enhancing the electric energy sector’s operations, identifying key research directions such as fine-tuning data collection systems, embedding power system-specific tools to improve LLM responses, and safety-critical use cases. In [303], Ruan et al. examined the potential security threats associated with applying LLMs in modern power systems to support proactive research and development of countermeasures that mitigate these threats and safeguard operational integrity.
Based on the presented solutions, many lessons can be deduced and learned. These lessons are presented in the next section in full detail. In smart grid settings, GANs and LLMs provide sophisticated capabilities for both attack simulation and defense augmentation. For instance, LLMs can automate threat intelligence by examining security records and generating alerts or action plans that are accessible by humans, while GANs can be used to generate adversarial scenarios for training anomaly detectors.

In-Depth Analysis of GAN and LLM-Based Solutions

An in-depth analysis of GAN and LLM-based solutions for smart grid security is presented in this paragraph (see Table 33).
For GAN-based solutions, the lack of labeled attack data is one of the main obstacles to training security models for smart grids. GANs can provide synthetic but realistic cyberattack samples to supplement constrained datasets, allowing for more robust and generalizable IDS training. GANs can model adversarial methods to mimic adaptive or covert attack behaviors. These adversarial scenarios help in exposing hidden weaknesses in security procedures and stress-testing current defensive mechanisms. Mode collapse and training instability are well known to affect GAN models. Customized architectures, such as TimeGAN or conditional GANs, are needed to apply them to smart grid data, which frequently consists of time-series telemetry and operational logs. To prevent overfitting or the introduction of noise, the synthetic data must also be assessed for realism and diversity.
For LLM-based solutions, LLMs provide a strong basis for real-time threat analysis, policy creation, and intelligent monitoring in smart grid settings. They are used for automation and decision support in addition to general NLP activities. LLMs are able to analyze both structured and unstructured SCADA system records, spot unusual operator behavior patterns, and provide corrective measures. They are ideal for changing threat environments due to their zero-shot and few-shot learning capabilities. LLMs can help with real-time diagnostics and reaction generation during security events by being trained or refined on domain-specific corpora, such as utility laws, incident response manuals, and cybersecurity best practices. Despite their potential, latency, interpretability, and data privacy are among the key implementation challenges that LLMs must overcome in real-time smart grid systems. For edge deployment, lighter or more condensed versions (such as LoRA or quantized models) might be more useful. To adjust to evolving grid designs and threat profiles, attentive prompt engineering and frequent retraining are also necessary.
For combined use, a hybrid GAN-LLM strategy might be particularly effective. While GANs create artificial attack scenarios, LLMs assess and interpret them for downstream automation pipelines or human operators. Proactive defense, improved situational awareness, and semi-autonomous response mechanisms are all supported by this confluence. Utilities may advance towards more intelligent, flexible, and robust cybersecurity infrastructures by integrating these AI-driven models into the smart grid ecosystem. Stakeholder cooperation, domain-specific adjustments, and thorough validation are necessary to guide their integration.

8. Proposed Framework: Multi-Layer Threat-Defense Alignment Framework

In contrast to earlier research that mainly lists smart grid defenses and attacks without providing a cohesive viewpoint, this study presents the MLTDAF. This approach enables comprehensive and proactive security planning for smart grid infrastructures by mapping physical and cyber threats to corresponding architectural layers and suggesting customized defense methods. This enhances the state of the art.

8.1. Layered Smart Grid Architecture

The smart grid is made up of five logical layers, each with a distinct threat surface and functional role:
  • Perception Layer: Comprises data-gathering actuators, smart meters, and Internet of Things sensors.
  • Network Layer: Comprises gateways, routing systems, and communication protocols.
  • Control Layer: Includes Programmable Logic Controllers (PLCs), backend controllers, and Supervisory Control and Data Acquisition (SCADA) systems for automation and decision-making.
  • Application Layer: Enables user-facing services such as demand response, billing, and energy-use analytics.
  • Management Layer: Provides governance, auditing, and general security and policy enforcement.

8.2. Threat and Defense Mapping

Every architectural layer is vulnerable to different threats. The primary threats and suitable countermeasures for each tier are listed in Table 34.

8.3. MLTDAF Contributions

The MLTDAF framework provides several unique features:
  • Cross-Layer Integration: This framework methodically matches threats with the smart grid’s architectural makeup in contrast to other taxonomies that concentrate on specific attack types.
  • Strategic Risk Management: By connecting the threat landscape to vital system operations, strategic risk management enables the allocation of security resources in a prioritized manner.
  • Scalability and Flexibility: These facilitate ongoing adaptation by allowing for modular upgrades that take into account new attack methods and defense strategies.
The MLTDAF paradigm can be used in both greenfield (new infrastructure) and brownfield (existing infrastructure) smart grid deployments due to its modular versatility. Its multilayered architecture facilitates plug-in compatibility with third-party intrusion detection, anomaly detection, and encrypted communication layers, as well as integration with current SCADA security regulations. However, interoperability standards such as IEEE 2030 and IEC 61850, as well as the financial and training limitations that utility companies confront, must be taken into account in real-world applications.

8.4. Applications of MLTDAF in Counter-Terrorism

Due to their continued importance in national infrastructure, smart grids are now frequently the target of hybrid warfare and cyber-terrorism. Cyber-criminals, state-sponsored organizations, and terrorist organizations are among the malicious actors who aim to interfere with energy supply systems to cause fear, financial harm, or political influence. A strong defense paradigm designed for such high-impact threats is provided by the MLTDAF proposed in this study (see Table 35).

8.4.1. Layered Defense Against Hybrid Terrorist Attacks

Proactive security hardening is made possible by MLTDAF’s alignment of physical and cyber threats to architectural layers. Terrorist actors might combine cyber incursions (such as false data injection attacks) with physical disruption (like shutting down substations). In addition to offering countermeasures such as tamper-proof hardware at the perception layer and real-time behavioral analysis in the control layer, MLTDAF assists security teams in determining which layer is being targeted. This enables the implementation of a distributed defense plan that reduces grid-wide outages and cascade failures.

8.4.2. Enhancing Threat Detection and Early Warning

One of the key aspects of counter-terrorism is the timely identification of threats. MLTDAF integrates advanced detection mechanisms, including machine-learning-based anomaly detection and SDN-supported traffic monitoring, which are vital in detecting covert or Advanced Persistent Threats (APTs). For example, coordinated zero-day attacks or GPS spoofing attempts can be rapidly identified by mapping irregularities to the Control Layer, enabling swift mitigation.

8.4.3. Supporting Incident Response and Recovery Planning

Early threat detection is one of the most crucial components of counter-terrorism. To identify covert or Advanced Persistent Threats (APTs), MLTDAF incorporates sophisticated detection techniques, including anomaly detection based on machine learning and traffic monitoring supported by Software-Defined Networking (SDN). By mapping anomalies to the Control Layer, for instance, coordinated zero-day attacks or GPS spoofing attempts can be quickly detected and mitigated.

8.4.4. Enabling Policy-Level Counter-Terrorism Strategy

The modularity of the framework enables the creation of contingency procedures tailored to individual layers. MLTDAF enables the design of robust incident response tactics by providing insight into the propagation of specific attacks (such as malware insertion, jamming, or Sybil attacks) throughout the system. Layer-level vulnerability evaluations enable counter-terrorism units and infrastructure operators to allocate resources more effectively, practice emergency responses, and simulate attack scenarios.

8.4.5. Theoretical Approach

The suggested architecture is a multi-layered procedure that starts with edge-level data collection from both IT and OT devices. AI/ML models are then used to preprocess and analyze this data, identifying abnormalities and correlating events from various sources. Following the identification of an anomaly, alerts are ranked and routed to a response coordination module, which, depending on the type of incident, either escalates the issue to the relevant Security Operations Center (SOC) or OT security teams or automates the mitigation procedure.
Although still theoretical, this approach will be further developed and defined in future work so that it can serve as an effective countermeasure against terrorist attacks, offering early detection and robust countermeasures against attacks targeting each layer. MLTDAF is meant to be operated by a network of actors across many layers. OT security specialists focus on control-level events in SCADA and substations, while IT SOC personnel manage alerts at the enterprise and communication layers. AI-based support tools help reduce false positives and improve incident classification, while human analysts handle high-risk response decisions and facilitate cross-domain collaboration.
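The triage flow described in this subsection (correlate, rank, then escalate or automate) can be sketched as follows. This is an added example, not code from the paper or from an MLTDAF implementation; the thresholds, event kinds, device names, and playbook names are assumptions made for illustration.

```python
"""Layer-aware alert triage sketch for the pipeline described in Section 8.4.5.

Added illustration only. Thresholds, event kinds and playbook names are
assumptions made for this example; the paper does not define them.
"""
from dataclasses import dataclass

# Ownership as stated in the text: OT specialists take control-level events,
# the IT SOC takes the enterprise and communication layers.
OWNER = {"control": "ot_security", "communication": "it_soc", "enterprise": "it_soc"}

# Hypothetical low-risk event kinds with a pre-approved automated response.
AUTO_PLAYBOOKS = {"port_scan": "rate_limit_source",
                  "failed_login_burst": "lock_account"}

HIGH_RISK = 0.8            # assumed priority at which a human must decide
CROSS_LAYER_BONUS = 0.2    # assumed boost per additional layer touched
CORRELATION_WINDOW_S = 60  # assumed quiet gap that separates two incidents


@dataclass(frozen=True)
class Event:
    ts: int        # seconds since start of capture
    source: str    # reporting device
    layer: str     # one of the keys of OWNER
    kind: str      # label assigned by the upstream detector
    score: float   # anomaly score in [0, 1] from the upstream AI/ML model


@dataclass
class Incident:
    events: list

    @property
    def layers(self):
        return sorted({e.layer for e in self.events})

    @property
    def priority(self):
        # Highest member score, raised when several layers are hit at once.
        base = max(e.score for e in self.events)
        return min(1.0, base + CROSS_LAYER_BONUS * (len(self.layers) - 1))


def correlate(events, window=CORRELATION_WINDOW_S):
    """Group events from any source that arrive within `window` s of each other."""
    incidents = []
    for ev in sorted(events, key=lambda e: e.ts):
        if incidents and ev.ts - incidents[-1].events[-1].ts <= window:
            incidents[-1].events.append(ev)
        else:
            incidents.append(Incident([ev]))
    return incidents


def route(incident):
    """Escalate, automate, or queue, depending on risk and incident type."""
    teams = sorted({OWNER[layer] for layer in incident.layers})
    # High-risk and cross-domain incidents always go to human analysts.
    if incident.priority >= HIGH_RISK or len(incident.layers) > 1:
        return {"action": "escalate_to_analyst", "teams": teams}
    kinds = {e.kind for e in incident.events}
    if len(kinds) == 1:
        playbook = AUTO_PLAYBOOKS.get(next(iter(kinds)))
        if playbook:
            return {"action": "auto_mitigate", "playbook": playbook, "teams": teams}
    return {"action": "queue_for_review", "teams": teams}


def triage(events):
    """Return (priority, routing decision) pairs, highest priority first."""
    ranked = sorted(correlate(events), key=lambda i: i.priority, reverse=True)
    return [(round(i.priority, 2), route(i)) for i in ranked]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    Event(0, "hist-01", "enterprise", "failed_login_burst", 0.35),
    Event(300, "rtu-07", "control", "setpoint_out_of_range", 0.70),
    Event(320, "gw-02", "communication", "unexpected_modbus_writer", 0.60),
    Event(900, "fw-01", "communication", "port_scan", 0.40),
    Event(2000, "ad-01", "enterprise", "new_admin_account", 0.55),
]

if __name__ == "__main__":
    for priority, decision in triage(SAMPLE_EVENTS):
        print(priority, decision)
```

The two events 20 s apart on the control and communication layers merge into one incident that outranks either alone and is sent to both teams, which is the cross-domain case the text assigns to human analysts.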

8.4.6. Analytical Comparison

This analytical comparison sets the design goals and theoretical capabilities of the suggested framework against those of a traditional Security Information and Event Management (SIEM) system. A qualitative comparison between the suggested framework and traditional SIEM systems is shown in Table 36. Traditional SIEMs are still useful in IT settings; however, they frequently do not support OT, DER, and older equipment in smart grids. This gap is filled by the suggested architecture, which integrates ML-driven, privacy-aware, and low-latency features with full SGAM-layer alignment and support for both centralized and decentralized grid domains.

8.4.7. Ongoing and Future Work Statements

MLTDAF will function as an overlay on top of current SCADA systems in a real-world utility environment, enhancing them with threat detection and response capabilities without compromising operational safety. The structure of MLTDAF may be mapped to the operational levels of the Purdue model, ranging from field to enterprise, and is designed to be flexible enough to accommodate both the horizontal and vertical layers of SGAM. This human–machine teaming approach should be vital in counter-terrorism scenarios, where early detection, coordinated response, and layered visibility can prevent cascading disruptions or targeted cyber–physical attacks on critical infrastructure. Overall, this paper presents a conceptual framework. Future work will include implementing the architecture in a testbed environment and benchmarking it against conventional SIEM solutions using real smart grid data.

9. Lessons Learned, Suggestions, and Recommendations

The integration of smart grids within IoT’s framework has underscored the necessity for robust security and safety measures to ensure the resilience and efficiency of the grid. These lessons learned emphasize the importance of adopting lightweight, real-time techniques to mitigate both safety and security-related threats, which are presented next.

9.1. Lessons Learned

Here are some security lessons that have been learned from existing security breaches against smart grid systems and must be respected and adopted as a way to ensure safer and more secure smart grid systems for IoT domains:
  • Risk Management: This is essential for smart grid systems to reduce both the occurrence and the likelihood of risks. Several key points are presented to mitigate them:
      ◦ Active Incident Response: This necessitates continuous observation of vital smart grid systems to identify possible security breaches and start an operational incident response plan to react immediately to a security issue or incident.
      ◦ Validation Testing: This identifies and addresses the vulnerabilities surrounding the smart grid system components before exploitation, relying on vulnerability scanning and penetration testing.
      ◦ Enhanced Risk Management Plans: These are based on regularly conducted risk assessments and mitigate identified risks using cryptographic and non-cryptographic measures, as well as technical (i.e., monitoring and access control) and non-technical controls (i.e., policies, standards, and incident response).
  • Cyber–Physical Threat Intelligence: CTI requires constant gathering, analysis, and sharing of information about cyber threats that could intentionally damage the infrastructure of the smart grid and interrupt its operations. This is frequently achieved by monitoring and evaluating threat intelligence data to identify new threats and weaknesses and then addressing them with proactive security measures. This cannot be achieved without understanding the interdependencies between the smart grid’s cyber and physical aspects.
      ◦ Security and Safety Awareness Training: This is especially for users and operators, to protect the smart grid systems by avoiding risky behaviors, resisting phishing and social and reverse engineering, and raising situational awareness, encouragement, and accountability. It requires being aware of how to identify and report suspicious activity, protect sensitive data, and respond to a security incident.
      ◦ Enhanced Physical Security: Examples include tamper-resistant equipment, access control, surveillance, and secure storage to thwart theft, vandalism, and sabotage.
      ◦ Mitigating Insider Threats: Threats may be mitigated by, e.g., adopting security measures that limit access privileges, offering timed access control, training employees on security best practices, and monitoring smart grid systems, networks, and devices for any suspicious activities before initiating an incident response reaction.
      ◦ Securing Logistics and Supply Chains: This prevents hardware and software vulnerabilities from being exploited to tamper with or compromise smart grid systems. It requires obtaining verified software components and equipment from trusted vendors, then validating and testing them before integrating them into the smart grid system.
Figure 7 summarizes future directions, lessons learned, suggestions, and recommendations.

9.2. Suggestions and Recommendations

Ensuring the smart grid’s critical system safety and security [216,304] is necessary to keep a safe environment for users and operators. The following recommendations are necessary to secure smart grid systems at different levels: the use of cryptographic solutions to ensure secure communication and secure data storage and processing, network segmentation, and the use of ethical hacking and digital forensics to reinforce the security and safety of smart grid systems.

9.2.1. Cryptographic Suggestions

These suggestions include secure communication, as it is a key component that enables smart grid components to communicate with each other. It is essential to apply robust security measures that maintain the necessary level of communication efficiency, safety, security, and performance. They also include secure data availability in transit and at rest: smart grid data integrity and confidentiality are ensured through robust data handling protocols and encryption. Robust cryptographic techniques encrypt data as it is transmitted, guarding against unwanted access and alteration. Data is safeguarded from unauthorized access and tampering while at rest by being stored in secure environments with access controls, which preserves the confidentiality and integrity of smart grid activities. Moreover, they include multi-factor authentication (MFA) protocols, which require users to submit two or more verification factors, such as something they are (biometric scan), something they have (smart card or token), or something they know (password), which increases the security of smart grids. This method enhances authentication integrity against cyberattacks targeting smart grid infrastructure while reducing the likelihood of unauthorized access.

9.2.2. Network Segmentation for Smart Grids

Network segmentation is a critical strategy for enhancing the security and resilience of smart grids by dividing the network into smaller, isolated segments or zones. This approach limits the spread of potential cyberattacks and confines breaches to a single segment, preventing lateral movement across the entire network. Each segment can be tailored with specific security policies and controls that address that zone’s unique needs and vulnerabilities. The effect of cyberattacks and unauthorized access is reduced by separating critical assets, such as data centers and control systems, from less vulnerable areas, including administrative networks. This strategy protects the availability and integrity of smart grid operations by narrowing the attack surface, tightening access constraints, and facilitating more targeted monitoring and response capabilities inside each segmented zone.
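One way to check that a segmentation policy of this kind holds in practice is to audit observed flows against the allowed conduits between zones. The following is an added example, not taken from the paper; the subnets, conduits, and flow records are constructed for illustration.

```python
"""Audit observed flows against a zone/conduit policy (added illustration)."""
import ipaddress

# Constructed addressing plan: the zones named in the text, one subnet each.
ZONES = {
    "control": ipaddress.ip_network("10.10.0.0/16"),
    "datacenter": ipaddress.ip_network("10.20.0.0/16"),
    "admin": ipaddress.ip_network("10.30.0.0/16"),
}

# Default deny between zones. A conduit is (src zone, dst zone, protocol,
# destination port) and is directional: the reverse path needs its own entry.
CONDUITS = {
    ("control", "datacenter", "tcp", 443),
    ("admin", "datacenter", "tcp", 443),
    ("admin", "datacenter", "tcp", 22),
}


def zone_of(address):
    """Map an IP address to its zone, or 'unzoned' if no subnet matches."""
    ip = ipaddress.ip_address(address)
    for name, network in ZONES.items():
        if ip in network:
            return name
    return "unzoned"


def audit(flows):
    """Return the flows that cross a zone boundary without a matching conduit."""
    violations = []
    for src, dst, proto, port in flows:
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if src_zone == dst_zone and src_zone != "unzoned":
            continue  # intra-zone traffic is outside this policy's scope
        if (src_zone, dst_zone, proto, port) not in CONDUITS:
            violations.append({"src": src, "dst": dst, "proto": proto,
                               "port": port, "path": f"{src_zone}->{dst_zone}"})
    return violations


def unused_conduits(flows):
    """Conduits never exercised by the observed flows: candidates for removal."""
    seen = {(zone_of(s), zone_of(d), proto, port) for s, d, proto, port in flows}
    return sorted(CONDUITS - seen)


# Constructed flow records: (source, destination, protocol, destination port).
SAMPLE_FLOWS = [
    ("10.10.4.21", "10.20.1.5", "tcp", 443),   # control -> datacenter, allowed
    ("10.30.7.9", "10.20.1.5", "tcp", 443),    # admin -> datacenter, allowed
    ("10.30.7.9", "10.10.4.21", "tcp", 502),   # admin -> control (Modbus/TCP port)
    ("10.10.4.21", "10.10.4.22", "tcp", 502),  # inside the control zone
    ("10.20.1.5", "10.10.4.21", "tcp", 443),   # reverse of an allowed conduit
    ("192.0.2.44", "10.10.4.21", "tcp", 22),   # source outside every zone
]

if __name__ == "__main__":
    for violation in audit(SAMPLE_FLOWS):
        print("VIOLATION", violation)
    print("UNUSED", unused_conduits(SAMPLE_FLOWS))
```

Flows reported by `audit` show where a breach could move laterally despite the zone design, while `unused_conduits` lists rules that can be tightened to narrow the attack surface further.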

9.2.3. Advanced Ethical Hacking and Digital Forensics

Forensics is essential when it comes to testing and assessing the security level of a smart grid. Therefore, several measures could be adopted, such as employing advanced techniques of digital forensics and ethical hacking.
(A) Employing Digital Forensics After Incident: To maintain the efficiency, security, and safety of smart grid systems, digital forensics tactics must be integrated. This is because they can make it possible to identify attack vectors and their source [305]. This is particularly important since, in addition to the vulnerabilities that currently exist in ML and DL, the system can be compromised at the client device, centralized server, or network levels [274,275]. Using digital forensics in the wake of a cyber incident involving smart grids requires carefully gathering and examining data from compromised systems to identify the attack vector, assess the size of the breach, and ascertain the techniques used by the attackers. This approach is essential to reconstructing the incident timeline, preserving evidence for use in court, and guiding future security measures aimed at averting recurrence and enhancing the overall resilience of the grid.
(B) Employing Periodic Ethical Hacking: Since clients, servers, and network devices are vulnerable to various attacks, smart grid systems must periodically rely on ethical hacking techniques and tools [286] to identify potential vulnerabilities and suggest appropriate countermeasures to guarantee a higher level of security and privacy preservation. Since the selected client or server devices’ data samples are incorporated in the model training process, this technique can identify whether or not they are susceptible to attacks or can be compromised. As a result, intentional damage can also be achieved, aside from information leakage, while exposing the privacy of the training dataset. Therefore, to find and address any exploitable weakness or security gap, the security of every smart grid system component needs to be addressed and evaluated.
When authorized security professionals use simulated cyberattacks to periodically probe the smart grid’s communication network for vulnerabilities, they can find possible gaps in smart grids before hostile actors can exploit them. This technique is known as periodic ethical hacking. Through constant evaluation and enhancement of the grid’s security posture, this proactive strategy guarantees improved defense mechanisms and overall system robustness against changing threats. Enhancing smart grid security involves adopting a segmentation process to isolate critical components and mitigate potential malware attacks like worms and Trojans. Regular updates and patching across smart grid applications, software, firmware, middleware, devices, and hardware ensure ongoing resilience against emerging threats. Effective third-party management is essential as it verifies the security practices of external entities accessing smart grid systems, such as cloud storage or data analytics, to uphold stringent security standards and mitigate risks associated with external access.

9.2.4. Implementing Strong Security Measures

Strong security measures include deploying robust monitoring systems (i.e., IDS and honeypots), securing remote access using advanced access controls and authorization, and using Virtual Private Networks (VPNs) to connect securely without compromising the system’s integrity [222]. They also include cybersecurity measures such as AI and physical security solutions in addition to dynamic honeypots.
(A) Adopting the Security-by-Design Concept: This involves adding security to the smart grid system’s design while adopting a defense-in-depth strategy that deploys multiple security control layers to provide resiliency and robustness against potential cyber–physical attacks.
(B) AI Solutions for Cybersecurity: Through constant analysis of enormous volumes of data, artificial intelligence (AI) technologies improve cybersecurity in smart grids by quickly identifying anomalies and possible threats. By adjusting to changing attack tactics, machine learning algorithms can increase the precision and speed of threat identification. AI also automates incident response, reducing risks quickly and effectively to preserve smart grid infrastructure security and resilience against sophisticated cyberattacks. Therefore, employing advanced machine learning and reinforcement learning safety and security measures in addition to federated learning [242] approaches to develop efficient solutions can quickly recognize, identify, and address abnormalities.
(C) Enhanced Physical Security: This step is recommended for smart grid hardware components, including antennas, grids, substations, and other critical infrastructure. In other words, to safeguard vital infrastructure from both digital and physical threats, smart grids must integrate powerful encryption, firewalls, and intrusion detection systems with physical barriers, surveillance, and access controls. This all-encompassing security plan reduces risks and strengthens resilience against possible incidents while guaranteeing the grid’s availability, integrity, and confidentiality.
(D) Dynamic Honeypots: To strengthen deception technology so that it raises the detection level through a higher level of engagement, honeypots should be deployed at the client’s end or the centralized server with a dynamic, variable selection of vulnerabilities. This makes it possible to gather and evaluate real-time information about the attacker more rapidly and precisely. To attract and identify malicious actors and their techniques and proactively strengthen the defensive mechanisms of the smart grid, honeypots are deliberately placed to mimic susceptible components. This strategy not only offers early-warning signals and real-time threat intelligence but also deters attackers from targeting important assets, enabling thorough forensic investigation and increased defense against cyber attacks.

9.2.5. Physical Security Measures for Smart Grids

Implementing robust physical security measures is essential for protecting the infrastructure of smart grids from unauthorized access, vandalism, and other physical threats. This involves securing critical components such as power plants, substations, and control centers with a combination of security technologies and practices. Smart grid physical security measures include a range of tactics to defend assets and infrastructure against external attacks. At substations, control centers, and other critical facilities, perimeter fences, security cameras, access control systems, and intrusion detection sensors are required. Using strong locks, alarms, and physical obstacles also improves safeguards against tampering and unwanted access. By reducing vulnerabilities, preventing intrusions, and guaranteeing the continuous operation of smart grid components, these precautions protect against physical attacks and guarantee the dependability of energy distribution networks.

9.2.6. Regular Vulnerability Assessment and Risk Monitoring

This method is crucial for ensuring smart grid security. This involves conducting penetration testing and simulating attack scenarios to evaluate security levels and response capabilities. It also requires implementing risk management measures to mitigate identified threats through various security countermeasures. Constant testing of smart grid systems through vulnerability assessments, penetration testing, log monitoring, and advanced threat modeling helps identify and address emerging security risks promptly and effectively. These practices are essential for maintaining the resilience and security of smart grid infrastructure against evolving cyber threats. This also requires enhancing control access and accountability in addition to regulatory compliance, which is described in the following:
(A) Enhancing Control Access and Accountability: This step is needed to enhance accountability methods through deterrence policies. Limiting access for various users (i.e., attribute-based access control schemes) is crucial to reducing internal threats and fostering a safe and trustworthy environment. It also requires motivating all entities, boosting confidence, and discouraging bad actors. It also promotes the accountability of users and the ability to disclose any suspicious behavior or illegal activity quickly.
(B) Regulatory Compliance: Compliance with standards such as the Critical Infrastructure Protection (CIP) and North American Electric Reliability Corporation (NERC) standards, the IEC 62351 standards series [306,307], and the NIST Framework [17] is also needed to enhance the cyber–physical security and safety of the smart grid critical infrastructure. In other words, strict authentication procedures and granular access controls must be implemented to guarantee that only authorized individuals can interact with vital systems to improve control access and accountability in smart grids. This strategy guarantees traceability and accountability in conjunction with thorough logging and monitoring of user actions. It lowers the possibility of illegal access and facilitates quick incident response and forensic investigations.

9.2.7. Universal Collaboration

Government agencies and cybersecurity groups must collaborate universally to provide effective smart grid security. As part of this collaboration, information is continuously shared for threat intelligence analysis and for developing best practices for smart grid system security. It also requires researching new technologies, such as edge computing and 5G, particularly in relation to smart grid security, and evaluating how security measures impact system performance. Furthermore, resilience research concentrates on protecting vital smart grid infrastructure against terrorism, natural disasters, armed conflict, and other possible threats (i.e., military operations or acts of terrorism). This also includes user education and training, which are required to improve the cybersecurity resilience of smart grids. This entails educating employees and other relevant parties on cybersecurity best practices, such as creating and maintaining secure passwords, recognizing phishing scams, and promptly reporting any suspicious activity. Cybersecurity procedures unique to smart grid operations, as well as new threats, should be covered in regular training sessions. Users can lower the risk of cyber events and guarantee the dependable operation of smart grid systems by actively safeguarding sensitive data and infrastructure and cultivating a culture of cybersecurity awareness. Figure 8 presents a safeguard based on an in-depth examination of the smart grid architecture.

10. Future Research Directions

It is also essential to set the direction of future research to enhance the safety and security of smart grid systems in IoT domains, ensuring their confidentiality, integrity, availability, robustness, and functionality.

10.1. Lightweight Cryptographic Solutions

Data security is primarily protected by cryptographic solutions, which consist of cryptographic algorithms and protocols. Consequently, designing lightweight cryptographic algorithms and protocols becomes vital for protecting smart grid systems, and these points are described in the following:

10.1.1. Lightweight Cryptographic Algorithms

These algorithms are needed to guarantee that the final entities are safely and securely connected. These adjustments will protect communicated/stored data from being intercepted, altered, or even destroyed. Therefore, to guarantee data availability, message authentication, and confidentiality/integrity, lightweight cryptographic algorithms are needed. Two possible directions are as follows:
  • Optimizing the hardware/software implementation of existing cryptographic algorithms, where a set of recent solutions follows this direction.
  • Algorithm optimization: Reducing the number of rounds or using simple round functions (symmetric algorithm) or operations instead of complicated ones. This approach may start with a collection of current lightweight cryptographic algorithms for IoT systems, such as [308,309,310].
Therefore, to ensure data confidentiality, integrity, and authenticity during communication, effective lightweight cryptographic algorithms are used to secure data exchanges while maintaining system performance by reducing computational and communication costs. Their significance lies in their ability to uphold strong security measures in settings where energy efficiency and conservation are top considerations.

10.1.2. Lightweight Cryptographic Authentication Protocols

Defining and designing a lightweight symmetric/asymmetric authentication protocol that can effectively balance security and performance is one of the main steps in the right direction [311,312]. To reach this goal, recent solutions use lightweight cryptographic algorithms. Note that recent authentication solutions are reinforced using other factors (something you are and something you know). Cybersecurity requires lightweight cryptographic authentication systems, particularly for situations with limited resources like smart grids and Internet of Things devices.

10.2. Lightweight and Robust ML/AI Solutions

Integrating AI/ML-based grid security schemes into future directions can improve the resilience of the smart grid and ensure the reliability and security of the grid infrastructure with accuracy and efficiency by continuously adapting to evolving threats, detecting anomalies, and proactively mitigating potential attacks. Using cutting-edge machine learning algorithms to examine massive volumes of data produced by smart grid systems is necessary to include AI/ML-based grid security methods in future approaches. These algorithms make real-time detection of cyber threats or anomalous behavior possible, enabling prompt response and mitigation. Using these tactics will help smart grid systems become more resilient and dependable in the face of changing cyber threats. Edge AI for cybersecurity has become one of the main research directions and can benefit well from the federated learning approach. On the other hand, Edge AI can employ one or several techniques to construct lightweight machine learning techniques such as Pruning, Weight Sharing, Quantization, Low-rank Approximation, Sparse Regularization, and Distillation in addition to feature selection for tabular/time-series datasets. Distillation techniques are one of the main directions that should be improved to construct lightweight deep-learning models that can achieve a good balance between model performance and device/application requirements. In the following, a set of possible future research points is presented to protect AI/ML solutions for smart grids or to use AI/ML to protect smart grids.

10.2.1. Lightweight and Robust Anomaly Detection/Prevention Systems

By utilizing machine learning and statistical techniques, lightweight anomaly detection/prevention systems can be implemented in smart grids with greater efficiency. To find unusual activity and unapproved access, these systems monitor device connections and network traffic. They function smoothly in smart grid activities, requiring little computational resources and latency. To remain safe from cyberattacks and operational interruptions, regular upgrades and fine-tuning are essential for keeping up with changing threats.
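A statistical detector of this kind can run with constant memory per device. The sketch below is an added example, not from the paper: it assumes per-device packet-rate samples, uses an exponentially weighted mean and variance, and keeps flagged samples out of the baseline so a burst cannot teach the detector that the burst is normal. The parameters and readings are constructed.

```python
"""Constant-memory per-device anomaly detector (added illustration)."""
import math


class EwmaDetector:
    """Exponentially weighted mean/variance; three numbers of state per device."""

    def __init__(self, alpha=0.1, threshold=4.0, warmup=10, min_std=1.0):
        self.alpha = alpha          # weight of the newest sample
        self.threshold = threshold  # alert above this many standard deviations
        self.warmup = warmup        # samples to learn from before alerting
        self.min_std = min_std      # floor so a flat baseline tolerates small noise
        self.mean = None
        self.var = 0.0
        self.count = 0

    def update(self, x):
        """Feed one sample; return True if it is anomalous."""
        if self.mean is None:
            self.mean, self.count = float(x), 1
            return False
        std = max(math.sqrt(self.var), self.min_std)
        anomalous = (self.count >= self.warmup
                     and abs(x - self.mean) / std > self.threshold)
        if not anomalous:
            # Standard incremental EWMA update; skipped for flagged samples
            # so that an attack burst does not shift the learned baseline.
            diff = x - self.mean
            incr = self.alpha * diff
            self.mean += incr
            self.var = (1 - self.alpha) * (self.var + diff * incr)
            self.count += 1
        return anomalous


def scan(readings, **params):
    """Run one detector per device over (device, value) pairs; return alerts."""
    detectors = {}
    alerts = []
    for index, (device, value) in enumerate(readings):
        if device not in detectors:
            detectors[device] = EwmaDetector(**params)
        if detectors[device].update(value):
            alerts.append((index, device, value))
    return alerts


# Constructed packets-per-second samples (not real traffic).
METER_17 = [20, 22, 19, 21, 20, 23, 18, 21, 20, 22, 21, 19, 400, 20, 21]
RTU_03 = [5, 6, 5, 4, 5, 6, 5, 5, 4, 6, 5, 20, 5]
SAMPLE_READINGS = ([("meter-17", v) for v in METER_17]
                   + [("rtu-03", v) for v in RTU_03])

if __name__ == "__main__":
    for alert in scan(SAMPLE_READINGS):
        print("ANOMALY", alert)
```

A rate of 20 packets per second is normal for the constructed meter and anomalous for the constructed RTU, which is why the baseline is kept per device. A sustained legitimate change keeps alerting until the detector is reset, so this design needs the regular fine-tuning the paragraph mentions.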

10.2.2. RL for Cybersecurity

Reinforcement learning (RL) improves response and decision-making processes in the face of cyberattacks. RL algorithms acquire knowledge by interacting with their surroundings and obtaining feedback through incentives or punishments according to their activities. Real-time defensive adaptation, policy optimization, and autonomous detection and response to anomalies are all possible using reinforcement learning in cybersecurity applications. Reinforcement learning works especially well in complex and dynamic contexts like smart grids, where threats change quickly, and proactive defenses are needed to protect vital infrastructure.

10.2.3. Adversarial Defense Mechanisms

These mechanisms investigate methods to enhance ML resilience against adversarial attacks specific to smart grid environments. This includes researching techniques to detect and mitigate adversarial inputs that could compromise the security and reliability of grid operations. Adversarial defense strategies for smart grids involve setting strong cybersecurity measures to guard against data tampering and unauthorized access, such as intrusion detection systems, encryption, and secure communication protocols. Incorporating machine learning algorithms for continuous monitoring and anomaly detection, in addition to regular updates and patches, improves early detection, identification, and mitigation of possible attacks and threats.

10.2.4. Privacy-Preserving Techniques

These techniques aim to develop ML with built-in privacy-preserving mechanisms to handle sensitive data within smart grid communications. Techniques like federated learning with lightweight homomorphic cryptographic algorithms could be explored to ensure confidentiality while maintaining model performance. To protect user privacy while conducting critical analysis, smart grid privacy-preserving strategies include employing data anonymization and aggregation techniques. Furthermore, homomorphic encryption and secure multi-party computation allow for safe data processing and sharing without disclosing private information.
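The aggregation and multi-party computation ideas above can be illustrated with additive secret sharing: each meter splits its reading into random shares for several non-colluding aggregators, and only the neighborhood total can be reconstructed. This is an added example, not a scheme from the paper; the modulus, the three-aggregator setup, and the readings are assumptions.

```python
"""Additive secret sharing for private meter aggregation (added illustration)."""
import secrets

# Assumption: the modulus exceeds any total the round could produce (in Wh).
MODULUS = 2**61 - 1


def split(reading, n_aggregators):
    """Split one reading into n shares that sum to it modulo MODULUS."""
    if n_aggregators < 2:
        raise ValueError("need at least two aggregators")
    if not 0 <= reading < MODULUS:
        raise ValueError("reading out of range")
    shares = [secrets.randbelow(MODULUS) for _ in range(n_aggregators - 1)]
    shares.append((reading - sum(shares)) % MODULUS)
    return shares


class Aggregator:
    """Sees one uniformly random share per meter, never a reading."""

    def __init__(self):
        self.total = 0
        self.seen = set()

    def receive(self, meter_id, share):
        if meter_id in self.seen:
            raise ValueError(f"duplicate share from {meter_id}")
        self.seen.add(meter_id)
        self.total = (self.total + share) % MODULUS

    def publish(self):
        return frozenset(self.seen), self.total


def combine(published):
    """Add the partial sums; refuse if aggregators saw different meter sets."""
    meter_sets = {meters for meters, _ in published}
    if len(meter_sets) != 1:
        # A lost share leaves an unmatched random value in the sum, so the
        # result would be meaningless rather than slightly off.
        raise ValueError("aggregators disagree on contributing meters")
    return sum(total for _, total in published) % MODULUS


def run_round(readings, n_aggregators=3, drop=None):
    """Simulate one round; `drop=(meter_id, index)` loses one share in transit."""
    aggregators = [Aggregator() for _ in range(n_aggregators)]
    for meter_id, value in readings.items():
        for index, share in enumerate(split(value, n_aggregators)):
            if drop == (meter_id, index):
                continue
            aggregators[index].receive(meter_id, share)
    return combine([a.publish() for a in aggregators])


# Constructed 15-minute readings in Wh (not real consumption data).
SAMPLE_READINGS_WH = {"meter-01": 412, "meter-02": 0, "meter-03": 1870,
                      "meter-04": 95}

if __name__ == "__main__":
    print("neighborhood total:", run_round(SAMPLE_READINGS_WH), "Wh")
```

No single aggregator learns anything about an individual household, but the scheme only protects readings while at least one aggregator does not collude with the others.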

10.2.5. Future Work for LLMs in Smart Grids

This includes integrating LLMs in smart grids, developing frameworks to enhance IoT device security and anomaly detection with lightweight edge models and powerful cloud-based models, implementing real-time threat detection and predictive maintenance, and optimizing LLM architectures for distributed and edge computing. It focuses on enhancing LLMs’ natural language understanding and explanation capabilities for improved operator interaction, developing dynamic threat response systems, and integrating LLMs with blockchain for enhanced data integrity and transparency. Additionally, LLMs can aid in regulatory compliance monitoring, ensuring adherence to cybersecurity standards.

10.3. Ethical Hacking and Digital Forensics for Smart Grids

With the number of IoT devices expected to reach 75.44 billion by 2025, cyberattacks on IoT systems have surged, posing significant risks to smart grid infrastructures. Standard security measures often fall short due to resource constraints in IoT devices, necessitating periodic penetration testing and ethical hacking simulations. The work in [287] explores and evaluates security vulnerabilities in IoT systems through ethical hacking, providing practical solutions to enhance the security of smart grids by identifying and mitigating exploitable vulnerabilities in end devices, gateways, and servers. On the other hand, digital forensics for smart grids has become essential after the rise in cyberattacks against IoT systems, which have significantly impacted smart grids and caused substantial human and financial losses. Cybercriminals employ advanced anti-forensics techniques to evade detection, rendering traditional security measures ineffective. The work of [275] reviews advanced forensic and anti-forensic methods essential for safeguarding smart grids, emphasizing the need for sophisticated forensic techniques to counter evolving cyber threats and ensure the security and resilience of smart grid infrastructures.

10.4. Other Possible Future Research Directions

Other possible future research directions are covered in this part, and they include zero trust/hardware security in addition to the integration of new advanced technologies that are described in the following:

10.4.1. Zero-Day Attacks

To counter zero-day attacks, smart grid security requires a proactive strategy to quickly find and fix vulnerabilities not currently covered by available security solutions. Quickly identifying and addressing zero-day exploits entails putting advanced threat detection technologies, real-time monitoring systems, and automated reaction mechanisms into place. Additionally, encouraging cooperation between cybersecurity researchers and industry professionals is essential for the prompt disclosure of vulnerabilities and the creation of efficient updates and patches that lessen the impact of zero-day attacks on smart grid systems.

10.4.2. Zero-Trust Security

To incorporate zero-trust security concepts into smart grid infrastructure, a rigorous access control architecture that requires verification and authentication of all users, devices, and apps before granting them access to any resources must be used. This strategy monitors and authenticates identities and devices continuously throughout their life cycle, assuming that threats may come from both internal and external sources. Reducing the attack surface and containing possible breaches can be achieved by applying strategies like micro-segmentation to establish security zones and imposing least privilege access regulations. Furthermore, integrating real-time reaction capabilities, anomaly detection, and continuous monitoring improves the capacity to quickly identify and address security risks, guaranteeing resilient defense against constantly changing cyber threats in smart grid settings.
Hardware Security: This is essential and requires more focus on hardware-based solutions such as securing processors, substations, transmission lines, antennas, grids, and other critical infrastructure, especially from criminal activities, terror-related attacks, and sabotage acts. In addition, these solutions should ensure resistance against hardware attacks such as side-channel and fault attacks.

10.4.3. Investigating Potential Risks

To find vulnerabilities that could jeopardize system integrity, a thorough investigation and assessment are necessary when looking into potential threats in smart grid security. To detect and lessen new risks, preemptive steps, including thorough risk assessments, threat modeling, and scenario-based simulations, are used. Smart grid operators may put strong security measures in place to safeguard vital infrastructure and guarantee the dependable and secure functioning of smart grid systems by regularly assessing and mitigating possible risks.

10.4.4. Advanced Strategies

Cutting-edge smart grid security techniques guarantee operations’ resilience and continuity even in the face of disruptive occurrences like natural disasters or accidents. By investigating cutting-edge technologies like quantum computing, federated learning, AI, digital forensics, and ethical hacking, potential risks and threats related to the growing complexity and heterogeneity of smart grid systems might be reduced. By strengthening the framework for threat detection, reaction, and recovery, these technologies support the security framework and help to prevent security breaches while preserving the smooth operation of the smart grid. Various opportunities for future research to improve the security and safety of smart grid systems were presented and debated. Nevertheless, as the smart grid domain evolves within the IoT field, new opportunities and challenges are likely to emerge.

10.4.5. Enhancing Research Innovation and Differentiation Strategies

Despite providing a thorough analysis of the state of smart grid security, the work presented primarily consists of existing research, lacking novel theoretical frameworks, quantitative support, or game-changing technology. Therefore, while contemporary and relevant, the suggested future research directions also address common issues in the broader cybersecurity and smart grid fields, including risk management frameworks, data privacy, and the integration of machine learning. The following differentiation techniques are suggested to increase the uniqueness and significance of the upcoming work.
  • Development of Novel Frameworks and Models: Future research should focus on proposing and validating novel security models, context-aware risk assessment frameworks, or resilience quantification metrics specifically applicable to hybrid CPSs within smart grids, rather than restating well-established security principles or enumerating known vulnerabilities.
  • Empirical Assessments and Practical Case Studies: These present empirical insights that aim to enhance theoretical advances. Potential avenues for future investigation include real-time simulations that utilize real smart grid data from utilities and field tests or pilot installations in testbeds that combine IoT-enabled monitoring technologies with renewable energy. Adversarial learning is also employed in attack–defense games to model and respond to Advanced Persistent Threats (APTs) in dynamic environments.
  • Cross-Domain Innovation: This includes multidisciplinary studies to provide novel insights. For example, insider threat detection can be modeled using incentive structures and behavioral economics. Digital twins are also being used for virtual patch testing and proactive incident response planning. Another avenue is investigating quantum-resilient cryptographic techniques designed especially for grid communication protocols.
  • Quantitative Differentiation of Threat Landscapes: This includes a framework based on comparative metrics to assess the intensity and effects of different attack types (e.g., DoS vs. FDIA) on various smart grid components. It also includes the multilayer countermeasure methods’ scalability and efficiency with limited resources.
  • Models of Security Governance Driven by Policy: Current recommendations focus on collaborative security practices but lack effective, policy-driven procedures. Future research aims to investigate frameworks for compliance automation that align with relevant regulations, blockchain-powered auditability procedures for managing trust and data tracing, and architectures for exchanging global threat intelligence that are adapted to local technical and legal limitations.
  • Enhanced Pilot Studies and Testbed Deployments: Here, pilot studies and testbed deployments should be given top priority in future research to confirm the effectiveness and scalability of suggested defense methods. Furthermore, regulatory agencies and utility operators need to work together to establish practical security guidelines that make it easier for these frameworks to be adopted, especially in settings with limited resources or outdated systems.

11. Conclusions

Ensuring the security and safety of the smart grid is challenging due to its critical role in providing reliable and resilient energy distribution, improving efficiency, enhancing grid management, and supporting modern, resilient electricity systems. Nevertheless, this implies introducing new risks and threats, as well as vulnerabilities and difficulties related to cyber–physical safety and security, which are thoroughly addressed in this paper due to their potential to cause operational disruptions, data breaches, power outages, and financial losses. As a result, this paper proposes that multi-layered proactive security approaches should be enforced, including robust cryptography-based, non-cryptography-based, and machine-learning-based solutions, as well as penetration testing and forensics tools to maintain constant security protection for IoT devices, sensors, smart meters, transmission lines, substations, access control, and monitoring systems. Continuous risk assessment, vulnerability monitoring, regular training (i.e., security and awareness), and international cooperation should also be encouraged to help establish a security-conscious culture. By providing an organized mapping between smart grid architectural layers, threat types, and defense mechanisms, the proposed MLTDAF improves upon conventional methods. This framework offers an extensive and useful tool to assist in the creation of smart grid infrastructures that are safe, robust, and prepared for the future. Following an in-depth examination of the most significant cybersecurity issues in smart grid contexts, as well as a practical framework for future technological and academic efforts, the paper concludes by identifying future research directions.

Author Contributions

Conceptualization, J.P.A.Y., H.N.N., O.S. and K.C.; methodology, J.P.A.Y. and H.N.N.; investigation, J.P.A.Y., H.N.N., O.S. and K.C.; writing—original draft preparation, J.P.A.Y.; writing—review and editing, H.N.N., O.S. and K.C.; visualization, J.P.A.Y.; supervision, H.N.N. and K.C.; project administration, H.N.N. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Data Availability Statement

No new data were created or analyzed in this study. Data sharing is not applicable to this article.

Conflicts of Interest

Author Ola Salman was employed by the company DeepVu. The remaining authors declare that the research was conducted in the absence of any commercial or financial relationships that could be construed as a potential conflict of interest.

References

  1. Yaacoub, J.P.; Noura, H.; Azar, J.; Salman, O.; Chahine, K. Cybersecurity in Smart Renewable Energy Systems. In Proceedings of the 2024 International Wireless Communications and Mobile Computing (IWCMC), Ayia Napa, Cyprus, 27–31 May 2024; pp. 1534–1540. [Google Scholar]
  2. Ding, J.; Qammar, A.; Zhang, Z.; Karim, A.; Ning, H. Cyber threats to smart grids: Review, taxonomy, potential solutions, and future directions. Energies 2022, 15, 6799. [Google Scholar] [CrossRef]
  3. Sahani, N.; Zhu, R.; Cho, J.H.; Liu, C.C. Machine Learning-based Intrusion Detection for Smart Grid Computing: A Survey. Acm. Trans.-Cyber-Phys. Syst. 2023, 7, 1–31. [Google Scholar] [CrossRef]
  4. Mohassel, R.R.; Fung, A.S.; Mohammadi, F.; Raahemifar, K. A survey on advanced metering infrastructure and its application in smart grids. In Proceedings of the 2014 IEEE 27th Canadian Conference on Electrical and Computer Engineering (CCECE), Toronto, ON, Canada, 4–7 May 2014; pp. 1–8. [Google Scholar]
  5. Lázaro, J.; Astarloa, A.; Rodríguez, M.; Bidarte, U.; Jiménez, J. A Survey on Vulnerabilities and Countermeasures in the Communications of the Smart Grid. Electronics 2021, 10, 1881. [Google Scholar] [CrossRef]
  6. Jokar, P.; Arianpoo, N.; Leung, V.C. A survey on security issues in smart grids. Secur. Commun. Netw. 2016, 9, 262–273. [Google Scholar] [CrossRef]
  7. Tufail, S.; Parvez, I.; Batool, S.; Sarwat, A. A survey on cybersecurity challenges, detection, and mitigation techniques for the smart grid. Energies 2021, 14, 5894. [Google Scholar] [CrossRef]
  8. Nafees, M.N.; Saxena, N.; Cardenas, A.; Grijalva, S.; Burnap, P. Smart grid cyber-physical situational awareness of complex operational technology attacks: A review. ACM Comput. Surv. 2023, 55, 1–36. [Google Scholar] [CrossRef]
  9. Siozios, K.; Anagnostos, D.; Soudris, D.; Kosmatopoulos, E. IoT for Smart Grids; Springer: Cham, Switzerland, 2019. [Google Scholar]
  10. Dalipi, F.; Yayilgan, S.Y. Security and privacy considerations for iot application on smart grids: Survey and research challenges. In Proceedings of the 2016 IEEE 4th International Conference on Future Internet of Things and Cloud Workshops (FiCloudW), Vienna, Austria, 22–24 August 2016; pp. 63–68. [Google Scholar]
  11. Noura, H.N.; Yaacoub, J.P.A.; Salman, O.; Chehab, A. Advanced Machine Learning in Smart Grids: An Overview. Internet Things-Cyber-Phys. Syst. 2025, 5, 95–142. [Google Scholar] [CrossRef]
  12. Maddikunta, P.K.R.; Pham, Q.V.; Prabadevi, B.; Deepa, N.; Dev, K.; Gadekallu, T.R.; Ruby, R.; Liyanage, M. Industry 5.0: A survey on enabling technologies and potential applications. J. Ind. Inf. Integr. 2022, 26, 100257. [Google Scholar] [CrossRef]
  13. Leng, J.; Sha, W.; Wang, B.; Zheng, P.; Zhuang, C.; Liu, Q.; Wuest, T.; Mourtzis, D.; Wang, L. Industry 5.0: Prospect and retrospect. J. Manuf. Syst. 2022, 65, 279–295. [Google Scholar] [CrossRef]
  14. Fatima, Z.; Tanveer, M.H.; Waseemullah; Zardari, S.; Naz, L.F.; Khadim, H.; Ahmed, N.; Tahir, M. Production plant and warehouse automation with IoT and industry 5.0. Appl. Sci. 2022, 12, 2053. [Google Scholar] [CrossRef]
  15. Xu, X.; Lu, Y.; Vogel-Heuser, B.; Wang, L. Industry 4.0 and Industry 5.0—Inception, conception and perception. J. Manuf. Syst. 2021, 61, 530–535. [Google Scholar] [CrossRef]
  16. Qays, M.O.; Ahmad, I.; Abu-Siada, A.; Hossain, M.L.; Yasmin, F. Key communication technologies, applications, protocols and future guides for IoT-assisted smart grid systems: A review. Energy Rep. 2023, 9, 2440–2452. [Google Scholar] [CrossRef]
  17. Hasan, M.K.; Habib, A.A.; Shukur, Z.; Ibrahim, F.; Islam, S.; Razzaque, M.A. Review on cyber-physical and cyber-security system in smart grid: Standards, protocols, constraints, and recommendations. J. Netw. Comput. Appl. 2023, 209, 103540. [Google Scholar] [CrossRef]
  18. Kuzlu, M.; Pipattanasomporn, M.; Rahman, S. Communication network requirements for major smart grid applications in HAN, NAN and WAN. Comput. Netw. 2014, 67, 74–88. [Google Scholar] [CrossRef]
  19. Usman, A.; Shami, S.H. Evolution of communication technologies for smart grid applications. Renew. Sustain. Energy Rev. 2013, 19, 191–199. [Google Scholar] [CrossRef]
  20. Baimel, D.; Tapuchi, S.; Baimel, N. Smart grid communication technologies-overview, research challenges and opportunities. In Proceedings of the 2016 International Symposium on Power Electronics, Electrical Drives, Automation and Motion (SPEEDAM), Capri, Italy, 22–24 June 2016; pp. 116–120. [Google Scholar]
  21. Faheem, M.; Shah, S.B.H.; Butt, R.A.; Raza, B.; Anwar, M.; Ashraf, M.W.; Ngadi, M.A.; Gungor, V.C. Smart grid communication and information technologies in the perspective of Industry 4.0: Opportunities and challenges. Comput. Sci. Rev. 2018, 30, 1–30. [Google Scholar] [CrossRef]
  22. Mahmood, A.; Javaid, N.; Razzaq, S. A review of wireless communications for smart grid. Renew. Sustain. Energy Rev. 2015, 41, 248–260. [Google Scholar] [CrossRef]
  23. Ho, Q.D.; Gao, Y.; Le-Ngoc, T. Challenges and research opportunities in wireless communication networks for smart grid. IEEE Wirel. Commun. 2013, 20, 89–95. [Google Scholar] [CrossRef]
  24. Wibisono, G.; Permata, S.G.; Awaludin, A.; Suhasfan, P. Development of advanced metering infrastructure based on LoRa WAN in PLN Bali toward Bali Eco smart grid. In Proceedings of the 2017 Saudi Arabia Smart Grid (SASG), Jeddah, Saudi Arabia, 12–14 December 2017; pp. 1–4. [Google Scholar]
  25. Gopinathan, N.; Shanmugam, P.K.; Singh, M. Smart Grid Architecture Model (SGAM) for resilience using Energy Internet of Things (EIoT). In Proceedings of the 2022 22nd National Power Systems Conference (NPSC), New Delhi, India, 17–19 December 2022; pp. 248–253. [Google Scholar]
  26. Abrahamsen, F.E.; Ai, Y.; Cheffena, M. Communication technologies for smart grid: A comprehensive survey. Sensors 2021, 21, 8087. [Google Scholar] [CrossRef]
  27. Ghelani, D. Cyber Security in Smart Grids, Threats, and Possible Solutions. Authorea Prepr. 2022. [Google Scholar] [CrossRef]
  28. International Electrotechnical Commission. IEC 61850: Communication Networks and Systems for Power Utility Automation; IEC Standard Series: Geneva, Switzerland, 2021. [Google Scholar]
  29. Modbus Organization. Modbus Application Protocol Specification, Version 1.1b3; Modbus-IDA: North Grafton, MA, USA, 2012. [Google Scholar]
  30. IEEE Standards Association. IEEE Std 1815-2012: IEEE Standard for Electric Power Systems Communications—Distributed Network Protocol (DNP3); IEEE: New York, NY, USA, 2012. [Google Scholar]
  31. Cavalieri, S.; Cantali, G.; Susinna, A. Integration of iot technologies into the smart grid. Sensors 2022, 22, 2475. [Google Scholar] [CrossRef]
  32. Kim, Y.; Hakak, S.; Ghorbani, A. Smart grid security: Attacks and defence techniques. IET Smart Grid 2023, 6, 103–123. [Google Scholar] [CrossRef]
  33. Mehmood, M.Y.; Oad, A.; Abrar, M.; Munir, H.M.; Hasan, S.F.; Muqeet, H.A.U.; Golilarz, N.A. Edge computing for IoT-enabled smart grid. Secur. Commun. Netw. 2021, 2021, 5524025. [Google Scholar] [CrossRef]
  34. Gong, C.; Zhang, C.; Zhuang, Q.; Li, H.; Yang, H.; Chen, J.; Zang, Z. Stabilizing buried interface via synergistic effect of fluorine and sulfonyl functional groups toward efficient and stable perovskite solar cells. Nano-Micro Lett. 2023, 15, 17. [Google Scholar] [CrossRef] [PubMed]
  35. Kakkar, L.; Gupta, D.; Saxena, S.; Tanwar, S. IoT architectures and its security: A review. In Proceedings of the Second International Conference on Information Management and Machine Intelligence: ICIMMI 2020, Jaipur, India, 24–25 July 2021; pp. 87–94. [Google Scholar]
  36. IEEE Standards Association. IEEE Std 802.15.4-2020: IEEE Standard for Low-Rate Wireless Networks; IEEE: New York, NY, USA, 2020. [Google Scholar]
  37. North American Electric Reliability Corporation. NERC CIP: Critical Infrastructure Protection Standards; NERC: Atlanta, GA, USA, 2023. [Google Scholar]
  38. IEEE Standards Association. IEEE Std 2030–2011: IEEE Guide for Smart Grid Interoperability of Energy Technology and Information Technology Operation with the Electric Power System (EPS), End-Use Applications, and Loads; IEEE: New York, NY, USA, 2011. [Google Scholar]
  39. National Institute of Standards and Technology. NIST Special Publication 800-82 Revision 2: Guide to Industrial Control Systems (ICS) Security; NIST: Gaithersburg, MD, USA, 2015. [Google Scholar]
  40. International Organization for Standardization and International Electrotechnical Commission. ISO/IEC 27001: Information Technology—Security Techniques—Information Security Management Systems—Requirements; ISO/IEC: Geneva, Switzerland, 2013. [Google Scholar]
  41. International Electrotechnical Commission. IEC 62351: Power Systems Management and Associated Information Exchange—Data and Communications Security, Parts 1–14 (2007–2018); IEC: Geneva, Switzerland, 2020. [Google Scholar]
  42. Francia, G.A., III; El-Sheikh, E. NERC CIP standards: Review, compliance, and training. Glob. Perspect. Inf. Secur. Regul. Compliance Control Assur. 2022, 48–71. [Google Scholar] [CrossRef]
  43. North American Electric Reliability Corporation. CIP-003-9: Cyber Security—Security Management Controls; NERC Reliability Standard: Atlanta, GA, USA, 2022. [Google Scholar]
  44. North American Electric Reliability Corporation. CIP-005-7: Cyber Security—Electronic Security Perimeter(s); NERC Reliability Standard: Atlanta, GA, USA, 2022. [Google Scholar]
  45. North American Electric Reliability Corporation. CIP-007-6: Cyber Security—System Security Management; NERC Reliability Standard: Atlanta, GA, USA, 2022. [Google Scholar]
  46. North American Electric Reliability Corporation. CIP-010-4: Cyber Security—Configuration Change Management and Vulnerability Assessments; NERC Reliability Standard: Atlanta, GA, USA, 2022. [Google Scholar]
  47. Chatterjee, S. The Importance of Penetration Testing in the Oil and Gas Industry: Mitigating Cyber Risks and Ensuring NERC CIP Compliance. IJSAT-Int. J. Sci. Technol. 2023, 14. Available online: https://www.ijsat.org/research-paper.php?id=1266 (accessed on 29 June 2025).
  48. Bouida, Z.; Fattahi, J.; Ahmed, A.; Ibnkahla, M.; Schriemer, H.; Abdullah, R. Smart Grid Communication Based on IEEE 2030 Standard. In Encyclopedia of Wireless Networks; Springer: Berlin/Heidelberg, Germany, 2020; pp. 1311–1318. [Google Scholar]
  49. Alsafran, A. A Feasibility Study of Implementing IEEE 1547 and IEEE 2030 Standards for Microgrid in the Kingdom of Saudi Arabia. Energies 2023, 16, 1777. [Google Scholar] [CrossRef]
  50. Gabel, R.; Sames, C.; Martinez, H.; Miller, P.; Snyder, J.N.; John, A. Operating Procedures for Developing Security Control Sets for Intelligent Transportation Systems (ITS); Technical Report; United States Department of Transportation, Intelligent Transportation: Washington, DC, USA, 2023. [Google Scholar]
  51. Staves, A.; Maesschalck, S.; Derbyshire, R.; Green, B.; Hutchison, D. Learning to Walk: Towards Assessing the Maturity of OT Security Control Standards and Guidelines. In Proceedings of the 2023 IFIP Networking Conference (IFIP Networking), Barcelona, Spain, 12–15 June 2023; pp. 1–6. [Google Scholar]
  52. Malatji, M. Management of enterprise cyber security: A review of ISO/IEC 27001: 2022. In Proceedings of the 2023 International Conference on Cyber Management and Engineering (CyMaEn), Bangkok, Thailand, 26–27 January 2023; pp. 117–122. [Google Scholar]
  53. Kitsios, F.; Chatzidimitriou, E.; Kamariotou, M. The ISO/IEC 27001 information security management standard: How to extract value from data in the IT sector. Sustainability 2023, 15, 5828. [Google Scholar] [CrossRef]
  54. International Electrotechnical Commission. IEC 60870-5: Telecontrol Equipment and Systems—Part 5: Transmission Protocols; IEC Standard Series: Geneva, Switzerland, 2003–2017. [Google Scholar]
  55. Hussain, S.S.; Ustun, T.S.; Kalam, A. A review of IEC 62351 security mechanisms for IEC 61850 message exchanges. IEEE Trans. Ind. Inform. 2019, 16, 5643–5654. [Google Scholar] [CrossRef]
  56. Borgaonkar, R.; Tøndel, I.A.; Degefa, M.Z.; Jaatun, M.G. Improving smart grid security through 5G enabled IoT and edge computing. Concurr. Comput. Pract. Exp. 2021, 33, e6466. [Google Scholar] [CrossRef]
  57. Minh, Q.N.; Nguyen, V.H.; Quy, V.K.; Ngoc, L.A.; Chehri, A.; Jeon, G. Edge Computing for IoT-Enabled Smart Grid: The Future of Energy. Energies 2022, 15, 6140. [Google Scholar] [CrossRef]
  58. Sonker, S.K.; Raina, V.K.; Sagar, B.B.; Bansal, R.C. Fog computing-based IoT-enabled system security for electrical vehicles in the smart grid. Electr. Eng. 2024, 106, 1339–1355. [Google Scholar] [CrossRef]
  59. Shruti; Rani, S.; Shabaz, M.; Dutta, A.K.; Ahmed, E.A. Enhancing privacy and security in IoT-based smart grid system using encryption-based fog computing. Alex. Eng. J. 2024, 102, 66–74. [Google Scholar] [CrossRef]
  60. Agnew, D.; Boamah, S.; Bretas, A.; McNair, J. Network Security Challenges and Countermeasures for Software-Defined Smart Grids: A Survey. Smart Cities 2024, 7, 2131–2181. [Google Scholar] [CrossRef]
  61. Velasquez, W.; Moreira-Moreira, G.Z.; Alvarez-Alvarado, M.S. Smart Grids Empowered by Software-Defined Network: A Comprehensive Review of Advancements and Challenges. IEEE Access 2024, 12, 63400–63416. [Google Scholar] [CrossRef]
  62. Rahman, A.; Islam, J.; Kundu, D.; Karim, R.; Rahman, Z.; Band, S.S.; Sookhak, M.; Tiwari, P.; Kumar, N. Impacts of blockchain in software-defined Internet of Things ecosystem with Network Function Virtualization for smart applications: Present perspectives and future directions. Int. J. Commun. Syst. 2023, 38, e5429. [Google Scholar] [CrossRef]
  63. Cunha, J.; Ferreira, P.; Castro, E.M.; Oliveira, P.C.; Nicolau, M.J.; Núñez, I.; Sousa, X.R.; Serôdio, C. Enhancing Network Slicing Security: Machine Learning, Software-Defined Networking, and Network Functions Virtualization-Driven Strategies. Future Internet 2024, 16, 226. [Google Scholar] [CrossRef]
  64. Jafari, M.; Kavousi-Fard, A.; Chen, T.; Karimi, M. A review on digital twin technology in smart grid, transportation system and smart city: Challenges and future. IEEE Access 2023, 11, 17471–17484. [Google Scholar] [CrossRef]
  65. Olivares-Rojas, J.C.; Reyes-Archundia, E.; Gutierrez-Gnecchi, J.A.; Molina-Moreno, I.; Cerda-Jacobo, J.; Méndez-Patiño, A. Towards cybersecurity of the smart grid using digital twins. IEEE Internet Comput. 2021, 26, 52–57. [Google Scholar] [CrossRef]
  66. Khalifa, T.; Abdrabou, A.; Shaban, K.; Gaouda, A.M. Heterogeneous wireless networks for smart grid distribution systems: Advantages and limitations. Sensors 2018, 18, 1517. [Google Scholar] [CrossRef] [PubMed]
  67. Kashem, S.B.A.; Chowdhury, M.E.; Khandakar, A.; Ahmed, J.; Ashraf, A.; Shabrin, N. Wind power integration with smart grid and storage system: Prospects and limitations. Int. J. Adv. Comput. Sci. Appl. 2020, 11. [Google Scholar] [CrossRef]
  68. Ghiasi, M.; Niknam, T.; Wang, Z.; Mehrandezh, M.; Dehghani, M.; Ghadimi, N. A comprehensive review of cyber-attacks and defense mechanisms for improving security in smart grid energy systems: Past, present and future. Electr. Power Syst. Res. 2023, 215, 108975. [Google Scholar] [CrossRef]
  69. Gunduz, M.Z.; Das, R. Cyber-security on smart grid: Threats and potential solutions. Comput. Netw. 2020, 169, 107094. [Google Scholar] [CrossRef]
  70. Agarkar, A.; Agrawal, H. A review and vision on authentication and privacy preservation schemes in smart grid network. Secur. Priv. 2019, 2, e62. [Google Scholar] [CrossRef]
  71. Cui, L.; Qu, Y.; Gao, L.; Xie, G.; Yu, S. Detecting false data attacks using machine learning techniques in smart grid: A survey. J. Netw. Comput. Appl. 2020, 170, 102808. [Google Scholar] [CrossRef]
  72. Kim, A.; Oh, J.; Ryu, J.; Lee, K. A review of insider threat detection approaches with IoT perspective. IEEE Access 2020, 8, 78847–78867. [Google Scholar] [CrossRef]
  73. Rafiei, M.; Khooban, M.H.; Igder, M.A.; Boudjadar, J. A novel approach to overcome the limitations of reliability centered maintenance implementation on the smart grid distance protection system. IEEE Trans. Circuits Syst. II Express Briefs 2019, 67, 320–324. [Google Scholar] [CrossRef]
  74. Kimani, K.; Oduol, V.; Langat, K. Cyber security challenges for IoT-based smart grid networks. Int. J. Crit. Infrastruct. Prot. 2019, 25, 36–49. [Google Scholar] [CrossRef]
  75. Fursov, I.; Yamkovyi, K.; Shmatko, O. Smart Grid and wind generators: An overview of cyber threats and vulnerabilities of power supply networks. Radioelectron. Comput. Syst. 2022, 50–63. [Google Scholar] [CrossRef]
  76. Fan, D.; Ren, Y.; Feng, Q.; Liu, Y.; Wang, Z.; Lin, J. Restoration of smart grids: Current status, challenges, and opportunities. Renew. Sustain. Energy Rev. 2021, 143, 110909. [Google Scholar] [CrossRef]
  77. Ourahou, M.; Ayrir, W.; Hassouni, B.E.; Haddi, A. Review on smart grid control and reliability in presence of renewable energies: Challenges and prospects. Math. Comput. Simul. 2020, 167, 19–31. [Google Scholar] [CrossRef]
  78. Abdukhakimov, A.; Bhardwaj, S.; Gashema, G.; Kim, D.S. Reliability analysis in smart grid networks considering distributed energy resources and storage devices. Int. J. Electr. Electron. Eng. Telecommun. 2019, 8, 233–237. [Google Scholar] [CrossRef]
  79. IEEE Standards Association. IEEE Std 1547-2018: IEEE Standard for Interconnection and Interoperability of Distributed Energy Resources with Associated Electric Power Systems Interfaces; IEEE: New York, NY, USA, 2018. [Google Scholar]
  80. Karatzas, S.; Chassiakos, A. System-theoretic process analysis (stpa) for hazard analysis in complex systems: The case of “Demand-Side Management in a Smart Grid”. Systems 2020, 8, 33. [Google Scholar] [CrossRef]
  81. Zhu, W.; Han, M.; Milanović, J.V.; Crossley, P. Methodology for reliability assessment of smart grid considering risk of failure of communication architecture. IEEE Trans. Smart Grid 2020, 11, 4358–4365. [Google Scholar] [CrossRef]
  82. Gündüz, M.Z.; Daş, R. Smart grid: Interoperability and cyber security. In Cyber Security Solutions for Protecting and Building the Future Smart Grid; Elsevier: Amsterdam, The Netherlands, 2025; pp. 299–320. [Google Scholar]
  83. Jha, A.V.; Appasani, B.; Ghazali, A.N.; Pattanayak, P.; Gurjar, D.S.; Kabalci, E.; Mohanta, D. Smart grid cyber-physical systems: Communication technologies, standards and challenges. Wirel. Netw. 2021, 27, 2595–2613. [Google Scholar] [CrossRef]
  84. Kirmani, S.; Mazid, A.; Khan, I.A.; Abid, M. A Survey on IoT-Enabled Smart Grids: Technologies, Architectures, Applications, and Challenges. Sustainability 2023, 15, 717. [Google Scholar] [CrossRef]
  85. Aman, M.; Solangi, K.; Hossain, M.; Badarudin, A.; Jasmon, G.; Mokhlis, H.; Bakar, A.; Kazi, S.N. A review of Safety, Health and Environmental (SHE) issues of solar energy system. Renew. Sustain. Energy Rev. 2015, 41, 1190–1204. [Google Scholar] [CrossRef]
  86. Aloul, F.; Al-Ali, A.; Al-Dalky, R.; Al-Mardini, M.; El-Hajj, W. Smart grid security: Threats, vulnerabilities and solutions. Int. J. Smart Grid Clean Energy 2012, 1, 1–6. [Google Scholar] [CrossRef]
  87. Faquir, D.; Chouliaras, N.; Sofia, V.; Olga, K.; Maglaras, L. Cybersecurity in smart grids, challenges and solutions. AIMS Electron. Electr. Eng. 2021, 5, 24–37. [Google Scholar]
  88. Sanjab, A.; Saad, W.; Guvenc, I.; Sarwat, A.; Biswas, S. Smart grid security: Threats, challenges, and solutions. arXiv 2016. [Google Scholar] [CrossRef]
  89. Anand, P.; Singh, Y.; Selwal, A.; Singh, P.K.; Felseghi, R.A.; Raboaca, M.S. Iovt: Internet of vulnerable things? threat architecture, attack surfaces, and vulnerabilities in internet of things and its applications towards smart grids. Energies 2020, 13, 4813. [Google Scholar] [CrossRef]
  90. Goel, S.; Hong, Y.; Papakonstantinou, V.; Kloza, D.; Goel, S.; Hong, Y. Security challenges in smart grid implementation. In Smart Grid Security; Springer: Berlin/Heidelberg, Germany, 2015; pp. 1–39. [Google Scholar]
  91. Anwar, A.; Mahmood, A.N. Cyber security of smart grid infrastructure. arXiv 2014, arXiv:1401.3936. [Google Scholar] [CrossRef]
  92. Pandey, R.K.; Misra, M. Cyber security threats—Smart grid infrastructure. In Proceedings of the 2016 National Power Systems Conference (NPSC), Bhubaneswar, India, 19–21 December 2016; IEEE: Piscataway, NJ, USA, 2016; pp. 1–6. [Google Scholar]
  93. Unsal, D.B.; Ustun, T.S.; Hussain, S.S.; Onen, A. Enhancing cybersecurity in smart grids: False data injection and its mitigation. Energies 2021, 14, 2657. [Google Scholar] [CrossRef]
  94. Soltani, M.; Ousat, B.; Siavoshani, M.J.; Jahangir, A.H. An adaptable deep learning-based intrusion detection system to zero-day attacks. J. Inf. Secur. Appl. 2023, 76, 103516. [Google Scholar] [CrossRef]
  95. Che Mat, N.I.; Jamil, N.; Yusoff, Y.; Mat Kiah, M.L. A systematic literature review on advanced persistent threat behaviors and its detection strategy. J. Cybersecur. 2024, 10, tyad023. [Google Scholar] [CrossRef]
  96. Tang, D.; Fang, Y.P.; Zio, E. Vulnerability analysis of demand-response with renewable energy integration in smart grids to cyber attacks and online detection methods. Reliab. Eng. Syst. Saf. 2023, 235, 109212. [Google Scholar] [CrossRef]
  97. Chen, J.; Mohamed, M.A.; Dampage, U.; Rezaei, M.; Salmen, S.H.; Obaid, S.A.; Annuk, A. A multi-layer security scheme for mitigating smart grid vulnerability against faults and cyber-attacks. Appl. Sci. 2021, 11, 9972. [Google Scholar] [CrossRef]
  98. Hatch, M.; Ron, E.; Bouville, A.; Zablotska, L.; Howe, G. The Chernobyl disaster: Cancer following the accident at the Chernobyl nuclear power plant. Epidemiol. Rev. 2005, 27, 56–66. [Google Scholar] [CrossRef]
  99. Kim, Y.; Kim, M.; Kim, W. Effect of the Fukushima nuclear disaster on global public acceptance of nuclear energy. Energy Policy 2013, 61, 822–828. [Google Scholar] [CrossRef]
  100. Mueller, P.; Yadegari, B. The Stuxnet Worm. University of Arizona, Tucson. 2012. Available online: https://www2.cs.arizona.edu/~collberg/Teaching/466-566/2013/Resources/presentations/2012/topic9-final/report.pdf (accessed on 4 April 2025).
  101. Khan, R.; Maynard, P.; McLaughlin, K.; Laverty, D.; Sezer, S. Threat analysis of blackenergy malware for synchrophasor based real-time control and monitoring in smart grid. In Proceedings of the 4th International Symposium for ICS & SCADA Cyber Security Research, Belfast, UK, 23–25 August 2016; pp. 53–63. [Google Scholar]
  102. Maiti, S.; Balabhaskara, A.; Adhikary, S.; Koley, I.; Dey, S. Targeted Attack Synthesis for Smart Grid Vulnerability Analysis. In Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, Copenhagen, Denmark, 26–30 November 2023; pp. 2576–2590. [Google Scholar]
  103. Parshivlyuk, S.; Panchenko, K. Cyber Threats and Resilience in Power Grid Infrastructures: Assessing Vulnerabilities and Countermeasures. Eduzone: Int. Peer Rev. Multidiscip. J. 2024, 13, 22–31. [Google Scholar]
  104. Ezeigweneme, C.A.; Nwasike, C.N.; Adefemi, A.; Adegbite, A.O.; Gidiagba, J.O. Smart grids in industrial paradigms: A review of progress, benefits, and maintenance implications: Analyzing the role of smart grids in predictive maintenance and the integration of renewable energy sources, along with their overall impact on the industri. Eng. Sci. Technol. J. 2024, 5, 1–20. [Google Scholar] [CrossRef]
  105. Lekunze, G.T.; Kenfack, P.; Dandoussou, A. Reliability Optimization of Smart Grid Based on Optimal Failure Rate Using Distributed Generation 2024. Available online: https://assets-eu.researchsquare.com/files/rs-4289832/v1_covered_f049648e-a3bc-4b80-bcdf-6946483886fe.pdf (accessed on 29 June 2025).
  106. Lopes, Y.; Fernandes, N.C.; de Castro, T.B.; dos Santos Farias, V.; Noce, J.D.; Marques, J.P.; Muchaluat-Saade, D.C. Vulnerabilities and threats in smart grid communication networks. In Research Anthology on Blockchain Technology in Business, Healthcare, Education, and Government; IGI Global: Hershey, PA, USA, 2021; pp. 1508–1535. [Google Scholar]
  107. Reda, H.T.; Ray, B.; Peidaee, P.; Anwar, A.; Mahmood, A.; Kalam, A.; Islam, N. Vulnerability and impact analysis of the IEC 61850 GOOSE protocol in the smart grid. Sensors 2021, 21, 1554. [Google Scholar] [CrossRef]
  108. Ruj, S.; Pal, A. Cascading Failures in Smart Grids under Random, Targeted, and Adaptive Attacks. In A Practical Guide on Security and Privacy in Cyber-Physical Systems: Foundations, Applications and Limitations; World Scientific: Singapore, 2024; pp. 173–211. [Google Scholar]
  109. Elnashai, A.S.; Gencturk, B.; Kwon, O.S.; Al-Qadi, I.L.; Hashash, Y.; Roesler, J.R.; Kim, S.J.; Jeong, S.H.; Dukes, J.; Valdivia, A. The Maule (Chile) Earthquake of February 27, 2010: Consequence Assessment and Case Studies; MAE Center Report No. 10-04; Illinois Library: Springfield, IL, USA, 2010. [Google Scholar]
  110. Naddaf, M. Turkey-Syria earthquake: What scientists know. Nature 2023, 614, 398–399. [Google Scholar] [CrossRef]
  111. United States; Congress; House; Select Bipartisan Committee to Investigate the Preparation for, and Response to Hurricane Katrina. A Failure of Initiative: Final Report of the Select Bipartisan Committee to Investigate the Preparation for and Response to Hurricane Katrina; Government Printing Office: Washington, DC, USA, 2006; Volume 109. [Google Scholar]
  112. Kishore, N.; Marqués, D.; Mahmud, A.; Kiang, M.V.; Rodriguez, I.; Fuller, A.; Ebner, P.; Sorensen, C.; Racy, F.; Lemery, J.; et al. Mortality in puerto rico after hurricane maria. N. Engl. J. Med. 2018, 379, 162–170. [Google Scholar] [CrossRef] [PubMed]
  113. Sharp, D.W.; Cristaldi, A.J.; Spratt, S.M.; Hagemeyer, B.C. Multifaceted General Overview of the East Central Florida Tornado Outbreak of 22–23 February 1998. Preprints, 19th Conference on Severe Local Storms, Minneapolis, MN, USA, 14–18 September 1998; The American Meteor Society: Geneseo, NY, USA, 1998; pp. 140–143. [Google Scholar]
  114. Chaney, P.L.; Weaver, G.S. The vulnerability of mobile home residents in tornado disasters: The 2008 Super Tuesday tornado in Macon County, Tennessee. Weather. Clim. Soc. 2010, 2, 190–199. [Google Scholar] [CrossRef]
  115. Chernokulsky, A.; Shikhov, A.; Bykov, A.; Azhigov, I. Satellite-based study and numerical forecasting of two tornado outbreaks in the Ural Region in June 2017. Atmosphere 2020, 11, 1146. [Google Scholar] [CrossRef]
  116. Lay, T.; Ammon, C.J.; Kanamori, H.; Rivera, L.; Koper, K.D.; Hutko, A.R. The 2009 Samoa–Tonga great earthquake triggered doublet. Nature 2010, 466, 964–968. [Google Scholar] [CrossRef]
  117. Telford, J.; Cosgrave, J. The international humanitarian system and the 2004 Indian Ocean earthquake and tsunamis. Disasters 2007, 31, 1–28. [Google Scholar] [CrossRef]
  118. Goto, K.; Chagué-Goff, C.; Fujino, S.; Goff, J.; Jaffe, B.; Nishimura, Y.; Richmond, B.; Sugawara, D.; Szczuciński, W.; Tappin, D.R.; et al. New insights of tsunami hazard from the 2011 Tohoku-oki event. Mar. Geol. 2011, 290, 46–50. [Google Scholar] [CrossRef]
  119. Kalantari, Z.; Ferreira, C.S.S.; Keesstra, S.; Destouni, G. Nature-based solutions for flood-drought risk mitigation in vulnerable urbanizing parts of East-Africa. Curr. Opin. Environ. Sci. Health 2018, 5, 73–78. [Google Scholar] [CrossRef]
  120. Okamoto, K.; Yamakawa, S.; Kawashima, H. Estimation of flood damage to rice production in North Korea in 1995. Int. J. Remote Sens. 1998, 19, 365–371. [Google Scholar] [CrossRef]
  121. Krishna, R.N.; Ronan, K.; Spencer, C.; Alisic, E. The lived experience of disadvantaged communities affected by the 2015 South Indian floods: Implications for disaster risk reduction dialogue. Int. J. Disaster Risk Reduct. 2021, 54, 102046. [Google Scholar] [CrossRef]
  122. Kamoshita, A.; Ouk, M. Field level damage of deepwater rice by the 2011 Southeast Asian Flood in a flood plain of Tonle Sap Lake, Northwest Cambodia. Paddy Water Environ. 2015, 13, 455–463. [Google Scholar] [CrossRef]
  123. Du, S.; Cheng, X.; Huang, Q.; Chen, R.; Ward, P.J.; Aerts, J.C. Brief communication: Rethinking the 1998 China floods to prepare for a nonstationary future. Nat. Hazards Earth Syst. Sci. 2019, 19, 715–719. [Google Scholar] [CrossRef]
  124. Bryant, R.A.; Waters, E.; Gibbs, L.; Gallagher, H.C.; Pattison, P.; Lusher, D.; MacDougall, C.; Harms, L.; Block, K.; Snowdon, E.; et al. Psychological outcomes following the Victorian Black Saturday bushfires. Aust. N. Z. J. Psychiatry 2014, 48, 634–643. [Google Scholar] [CrossRef]
  125. Lagouvardos, K.; Kotroni, V.; Giannaros, T.M.; Dafis, S. Meteorological conditions conducive to the rapid spread of the deadly wildfire in eastern Attica, Greece. Bull. Am. Meteorol. Soc. 2019, 100, 2137–2145. [Google Scholar] [CrossRef]
  126. Hashmi, M.H.; Ullah, Z.; Asghar, R.; Shaker, B.; Tariq, M.; Saleem, H. An Overview of the current challenges and Issues in Smart Grid Technologies. In Proceedings of the 2023 International Conference on Emerging Power Technologies (ICEPT), Topi, Pakistan, 6–7 May 2023; pp. 1–6. [Google Scholar]
  127. Mohammed, A.; George, G. Vulnerabilities and strategies of cybersecurity in smart grid-evaluation and review. In Proceedings of the 2022 3rd International Conference on Smart Grid and Renewable Energy (SGRE), Doha, Qatar, 20–22 March 2022; pp. 1–6. [Google Scholar]
  128. Szekeres, A.; Snekkenes, E. Representing decision-makers in SGAM-H: The smart grid architecture model extended with the human layer. In Proceedings of the Graphical Models for Security: 7th International Workshop, GraMSec 2020, Boston, MA, USA, 22 June 2020; Revised Selected Papers 7. Springer: Berlin/Heidelberg, Germany, 2020; pp. 87–110. [Google Scholar]
  129. Bouramdane, A.A. Cyberattacks in smart grids: Challenges and solving the multi-criteria decision-making for cybersecurity options, including ones that incorporate artificial intelligence, using an analytical hierarchy process. J. Cybersecur. Priv. 2023, 3, 662–705. [Google Scholar] [CrossRef]
  130. Nguyen, T.N.; Liu, B.H.; Nguyen, N.P.; Chou, J.T. Cyber security of smart grid: Attacks and defenses. In Proceedings of the ICC 2020—2020 IEEE International Conference on Communications (ICC), Virtually, 7–11 June 2020; pp. 1–6. [Google Scholar]
  131. Inayat, U.; Zia, M.F.; Mahmood, S.; Berghout, T.; Benbouzid, M. Cybersecurity Enhancement of Smart Grid: Attacks, Methods, and Prospects. Electronics 2022, 11, 3854. [Google Scholar] [CrossRef]
  132. Otuoze, A.O.; Mustafa, M.W.; Larik, R.M. Smart grids security challenges: Classification by sources of threats. J. Electr. Syst. Inf. Technol. 2018, 5, 468–483. [Google Scholar] [CrossRef]
  133. Sielicki, P.W.; Stewart, M.G.; Gajewski, T.; Malendowski, M.; Peksa, P.; Al-Rifaie, H.; Studziński, R.; Sumelka, W. Field test and probabilistic analysis of irregular steel debris casualty risks from a person-borne improvised explosive device. Def. Technol. 2021, 17, 1852–1863. [Google Scholar] [CrossRef]
  134. Knopf, K.S. Fully Autonomous Vehicle-Borne Improvised Explosive Devices-Mitigating Strategies; Technical Report; Naval Postgraduate School Monterey United States: Monterey, CA, USA, 2019. [Google Scholar]
  135. Maňas, P.; Kroupa, L.; Urban, R.; Coufal, D. Blast threat to critical and military infrastructure. Secur. Def. Q. 2013, 1, 32–53. [Google Scholar] [CrossRef]
  136. O’Day, A. Northern Ireland, Terrorism, and the British State. In Terrorism: Theory and Practice; Routledge: London, UK, 2019; pp. 121–135. [Google Scholar]
  137. White, S.P. Understanding Cyberwarfare: Lessons from the Russia-Georgia War; Modern War Institute at West Point: West Point, NY, USA, 2018. [Google Scholar]
  138. Button, M. Industrial Espionage and Information Security. In Private Policing; Routledge: London, UK, 2019. [Google Scholar] [CrossRef]
  139. Akondi, V.M.; Cho, D.; Park, J.; Kim, S.H.; Kim, T.H. A review on smart grid cyber-physical system security threats and countermeasures. Int. J. Control Autom. 2015, 8, 257–270. [Google Scholar]
  140. Subramanian, K.; Huang, Q. Cyber Physical Systems for Smart Grids; CRC Press: Boca Raton, FL, USA, 2019. [Google Scholar]
  141. Wang, W.; Lu, Z. Cyber security in the smart grid: Survey and challenges. Comput. Netw. 2013, 57, 1344–1371. [Google Scholar] [CrossRef]
  142. Hong, J.; Liu, C.C.; Govindarasu, M. Integrated anomaly detection for cyber security of the substations. IEEE Trans. Smart Grid 2014, 5, 1643–1653. [Google Scholar] [CrossRef]
  143. Abir, S.A.A.; Anwar, A.; Choi, J.; Kayes, A. Iot-enabled smart energy grid: Applications and challenges. IEEE Access 2021, 9, 50961–50981. [Google Scholar] [CrossRef]
  144. Nakashima, E. US Target of Massive Cyber-Espionage Campaign. Washington Post, 10 February 2013. [Google Scholar]
  145. Krekel, B.; Adams, P.; Bakos, G. Occupying the information high ground: Chinese capabilities for computer network operations and cyber espionage. Int. J. Comput. Res. 2014, 21, 333. [Google Scholar]
  146. Applegate, S.D. Cybermilitias and political hackers: Use of irregular forces in cyberwarfare. IEEE Secur. Priv. 2011, 9, 16–22. [Google Scholar] [CrossRef]
  147. Caraccilo, D.J.; Rohling, A.M. Targeting in Postconflict Operations in Iraq. Mil. Rev. 2004, 84, 11. [Google Scholar]
  148. Knights, M. Infrastructure Targeting and Postwar Iraq. Policy Watch, 14 March 2003. [Google Scholar]
  149. Özlem, T. The Lebanese war of 2006: Reasons and consequences. Perceptions J. Int. Aff. 2007, 12, 109–122. [Google Scholar]
  150. Kreps, S.E. The 2006 Lebanon war: Lessons learned. Parameters 2007, 37, 72. [Google Scholar] [CrossRef]
  151. Amer, M. Critical discourse analysis of war reporting in the international press: The case of the Gaza war of 2008–2009. Palgrave Commun. 2017, 3, 1–11. [Google Scholar] [CrossRef]
  152. Weinthal, E.; Sowers, J. Targeting infrastructure and livelihoods in the West Bank and Gaza. Int. Aff. 2019, 95, 319–340. [Google Scholar] [CrossRef]
  153. Yaacoub, J.P.A.; Salman, O.; Noura, H.N.; Kaaniche, N.; Chehab, A.; Malli, M. Cyber-physical systems security: Limitations, issues and future trends. Microprocess. Microsyst. 2020, 77, 103201. [Google Scholar] [CrossRef] [PubMed]
  154. Burton, J.; Soare, S.; Soare, S.R.; Burton, J. Smart Cities, Cyber Warfare and Social Disorder. In Cyber Threats and NATO 2030: Horizon Scanning and Analysis; CCDCOE: Tallinn, Estonia, 2020. [Google Scholar]
  155. Taplin, R. Cyber Risk, Intellectual Property Theft and Cyberwarfare: Asia, Europe and the USA; Routledge: London, UK, 2020. [Google Scholar]
  156. Donovan, G.T., Jr. Russian Operational Art in the Russo-Georgian War of 2008; Technical Report; Army War Coll Carlisle Barracks: Carlisle, PA, USA, 2009. [Google Scholar]
  157. Roberto, M. BlackEnergy Malware Threats and Comparative Study 2017. Available online: https://d1wqtxts1xzle7.cloudfront.net/55251880/BlackEnergy-libre.pdf?1512912965=&response-content-disposition=inline%3B+filename%3DBlackEnergy_Malware_Threats_and_Comparat.pdf&Expires=1752485367&Signature=Nayvuxnr4P8NwBB6lwn~PjDjQnYdWLeQzGEzOlPFhZ7A5~YddZ8dRRgK4xcmCD~taSvUJ6YdyOsUxY7Zpiiy9a1vnKD-Zhk6lWEEvuVNMlReYEiDG22KbVFqeeFWGyZZlpih-~LsxEQOvDMgg3Bm2lg9-zWFxpgxrF8qY4fcluAteJPS2zFGnYI9vPRWmnRYM76rYCshMsc7lF1RpG0pmUMf~Fkz-UbaY23lJsvOacyMP-PBguAOiO-n-EZ1BmJbnafLKfT7~REc1hxidTxmwLoczU0JoifmdqvACPlC2MmNWcs53cxaYXWzntxACeEcxntu1rwnwnHr2kJMvfkF9Q__&Key-Pair-Id=APKAJLOHF5GGSLRBV4ZA (accessed on 29 June 2025).
  158. Sullivan, J.E.; Kamensky, D. How cyber-attacks in Ukraine show the vulnerability of the US power grid. Electr. J. 2017, 30, 30–35. [Google Scholar] [CrossRef]
  159. Geiger, M.; Bauer, J.; Masuch, M.; Franke, J. An analysis of black energy 3, Crashoverride, and Trisis, three malware approaches targeting operational technology systems. In Proceedings of the 2020 25th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA), Vienna, Austria, 8–11 September 2020; Volume 1, pp. 1537–1543. [Google Scholar]
  160. Assante, M.J.; Lee, R.M. The industrial control system cyber kill chain. SANS Inst. InfoSec Read. Room 2015, 1, 24. [Google Scholar]
  161. Greenberg, A. The untold story of NotPetya, the most devastating cyberattack in history. Wired August 2018, 22. [Google Scholar]
  162. Shehod, A. Ukraine power grid cyberattack and US susceptibility: Cybersecurity implications of smart grid advancements in the US. Cybersecur. Interdiscip. Syst. Lab. MIT 2016, 22, 2016–2022. [Google Scholar]
  163. Case, D.U. Analysis of the cyber attack on the Ukrainian power grid. Electr. Inf. Shar. Anal. Cent. (E-ISAC) 2016, 388, 1–29. [Google Scholar]
  164. Neilsen, R. “Honey, I’m Hacked”: Ethical Questions Raised by Ukrainian Cyber Deception of Russian Military Wives; New York University: New York, NY, USA, 2023; Available online: https://coilink.org/20.500.12592/9f4wtb (accessed on 29 June 2025).
  165. McMahon, D. NOTE FOR NATIONAL DEFENCE: CYBER DECEPTION-The Art of Camouflage, Stealth and Misdirection; Clairvoyance Cyber Corp: 2021. Available online: https://www.concordia.ca/content/dam/ginacody/research/spnet/Documents/BriefingNotes/AI/BN-83-The-role-of-AI-Aug2021.pdf (accessed on 29 June 2025).
  166. Goel, S. Anonymity vs. security: The right balance for the smart grid. Commun. Assoc. Inf. Syst. 2015, 36, 2. [Google Scholar] [CrossRef]
  167. Wagner, M.; Kuba, M.; Oeder, A. Smart grid cyber security: A German perspective. In Proceedings of the 2012 International Conference on Smart Grid Technology, Economics and Policies (SG-TEP), Nuremberg, Germany, 3–4 December 2012; pp. 1–4. [Google Scholar]
  168. Chernenko, E.; Demidov, O.; Lukyanov, F. Increasing International Cooperation in Cybersecurity and Adapting Cyber Norms; Council on Foreign Relations: New York, NY, USA, 2018. [Google Scholar]
  169. Miller, T.; Staves, A.; Maesschalck, S.; Sturdee, M.; Green, B. Looking back to look forward: Lessons learnt from cyber-attacks on industrial control systems. Int. J. Crit. Infrastruct. Prot. 2021, 35, 100464. [Google Scholar] [CrossRef]
  170. Analytica, O. Ukraine cannot afford its counter-offensive failing. Emerald Expert Briefings, 27 February 2023. [Google Scholar]
  171. Cities, M.; Coalition, A.I.; Militias, I.P. Iraq Situation Report: July 22–28, 2020; ISW Press: Washington, DC, USA, 2020. [Google Scholar]
  172. Adebajo, M.T. Aggression and Self-Defense in Cyberwarfare: The Relevance of International Law. Tradit. J. Law Soc. Sci. 2023, 2, 1–15. [Google Scholar]
  173. Zhang, Y.; Wang, J.; Chen, B. Detecting false data injection attacks in smart grids: A semi-supervised deep learning approach. IEEE Trans. Smart Grid 2020, 12, 623–634. [Google Scholar] [CrossRef]
  174. Dayananda, P.; Srikantaswamy, M.; Nagaraju, S.; Velluri, R.; Doddananjedevaru, M.K. Efficient detection of faults and false data injection attacks in smart grid using a reconfigurable Kalman filter. Int. J. Power Electron. Drive Syst. 2022, 13, 2086. [Google Scholar] [CrossRef]
  175. Wang, K.; Du, M.; Maharjan, S.; Sun, Y. Strategic honeypot game model for distributed denial of service attacks in the smart grid. IEEE Trans. Smart Grid 2017, 8, 2474–2482. [Google Scholar] [CrossRef]
  176. Huang, R.; Li, Y.; Wang, X. Attention-aware deep reinforcement learning for detecting false data injection attacks in smart grids. Int. J. Electr. Power Energy Syst. 2023, 147, 108815. [Google Scholar] [CrossRef]
  177. Pei, C.; Xiao, Y.; Liang, W.; Han, X. PMU placement protection against coordinated false data injection attacks in smart grid. IEEE Trans. Ind. Appl. 2020, 56, 4381–4393. [Google Scholar] [CrossRef]
  178. Hasan, M.N.; Toma, R.N.; Nahid, A.A.; Islam, M.M.; Kim, J.M. Electricity theft detection in smart grid systems: A CNN-LSTM based approach. Energies 2019, 12, 3310. [Google Scholar] [CrossRef]
  179. Takiddin, A.; Ismail, M.; Serpedin, E. Robust Data-Driven Detection of Electricity Theft Adversarial Evasion Attacks in Smart Grids. IEEE Trans. Smart Grid 2022, 14, 663–676. [Google Scholar] [CrossRef]
  180. Pal, A.; Jolfaei, A.; Kant, K. A fast prekeying-based integrity protection for smart grid communications. IEEE Trans. Ind. Inform. 2020, 17, 5751–5758. [Google Scholar] [CrossRef]
  181. Ebrahimabadi, M.; Younis, M.; Karimi, N. Hardware assisted smart grid authentication. In Proceedings of the ICC 2021—IEEE International Conference on Communications, Montreal, QC, Canada, 14–18 June 2021; IEEE: Piscataway, NJ, USA, 2021; pp. 1–6. [Google Scholar]
  182. Taylor, C.; Johnson, T. Strong authentication countermeasures using dynamic keying for sinkhole and distance spoofing attacks in smart grid networks. In Proceedings of the 2015 IEEE Wireless Communications and Networking Conference (WCNC), New Orleans, LA, USA, 9–12 March 2015; IEEE: Piscataway, NJ, USA, 2015; pp. 1835–1840. [Google Scholar]
  183. Fan, Y.; Zhang, Z.; Trinkle, M.; Dimitrovski, A.D.; Song, J.B.; Li, H. A cross-layer defense mechanism against GPS spoofing attacks on PMUs in smart grids. IEEE Trans. Smart Grid 2014, 6, 2659–2668. [Google Scholar] [CrossRef]
  184. Agilandeeswari, L.; Paliwal, S.; Chandrakar, A.; Prabukumar, M. A new lightweight conditional privacy preserving authentication and key–agreement protocol in social internet of things for vehicle to smart grid networks. Multimed. Tools Appl. 2022, 81, 27683–27710. [Google Scholar] [CrossRef]
  185. Chaudhry, S.A.; Alhakami, H.; Baz, A.; Al-Turjman, F. Securing demand response management: A certificate-based access control in smart grid edge computing infrastructure. IEEE Access 2020, 8, 101235–101243. [Google Scholar] [CrossRef]
  186. Irshad, A.; Chaudhry, S.A.; Alazab, M.; Kanwal, A.; Zia, M.S.; Zikria, Y.B. A secure demand response management authentication scheme for smart grid. Sustain. Energy Technol. Assess. 2021, 48, 101571. [Google Scholar] [CrossRef]
  187. Bang, A.O.; Rao, U.P. A novel decentralized security architecture against sybil attack in RPL-based IoT networks: A focus on smart home use case. J. Supercomput. 2021, 77, 13703–13738. [Google Scholar] [CrossRef]
  188. Sriranjani, R.; Hemavathi, N.; Parvathy, A.; Salini, B.; Nandhini, L. Received Signal Strength and Optimized Support Vector Machine based Sybil Attack Detection Scheme in Smart Grid. In Proceedings of the 2023 3rd International Conference on Intelligent Communication and Computational Techniques (ICCT), Jaipur, India, 19–20 January 2023; pp. 1–5. [Google Scholar]
  189. Nyangaresi, V.O.; Alsamhi, S.H. Towards secure traffic signaling in smart grids. In Proceedings of the 2021 3rd Global Power, Energy and Communication Conference (GPECOM), Antalya, Turkey, 5–8 October 2021; pp. 196–201. [Google Scholar]
  190. Jafarigiv, D.; Sheshyekani, K.; Kassouf, M.; Seyedi, Y.; Karimi, H.; Mahseredjian, J. Countering FDI attacks on DERs coordinated control system using FMI-compatible cosimulation. IEEE Trans. Smart Grid 2020, 12, 1640–1650. [Google Scholar] [CrossRef]
  191. Kumar, B.S.; Gowda, K.K. Detection and Prevention of TCP SYN Flooding Attack in WSN Using Protocol Dependent Detection and Classification System. In Proceedings of the 2022 IEEE International Conference on Data Science and Information System (ICDSIS), Hassan, India, 29–30 July 2022; pp. 1–6. [Google Scholar]
  192. Das, T.; Hamdan, O.A.; Sengupta, S.; Arslan, E. Flood Control: TCP-SYN Flood Detection for Software-Defined Networks using OpenFlow Port Statistics. In Proceedings of the 2022 IEEE International Conference on Cyber Security and Resilience (CSR), Virtually, 27–29 July 2022; pp. 1–8. [Google Scholar]
  193. Mahrach, S.; Haqiq, A. DDoS flooding attack mitigation in software defined networks. Int. J. Adv. Comput. Sci. Appl. 2020, 11, 693–700. [Google Scholar] [CrossRef]
  194. Zhang, T.; Ji, X.; Zhuang, Z.; Xu, W. JamCatcher: A mobile jammer localization scheme for advanced metering infrastructure in smart grid. Sensors 2019, 19, 909. [Google Scholar] [CrossRef]
  195. Pirayesh, H.; Zeng, H. Jamming attacks and anti-jamming strategies in wireless networks: A comprehensive survey. IEEE Commun. Surv. Tutor. 2022, 24, 767–809. [Google Scholar] [CrossRef]
  196. Singh, N.K.; Mahajan, V.; Aniket, A.; Pandya, S.; Panchal, R.; Mudgal, U.; Bhatt, M. Identification and prevention of cyber attack in smart grid communication network. In Proceedings of the 2019 International Conference on Information and Communications Technology (ICOIACT), Yogyakarta, Indonesia, 24–25 July 2019; pp. 5–10. [Google Scholar]
  197. Mahmood, H.; Mahmood, D.; Shaheen, Q.; Akhtar, R.; Changda, W. S-DPs: An SDN-based DDoS protection system for smart grids. Secur. Commun. Netw. 2021, 2021, 6629098. [Google Scholar] [CrossRef]
  198. El Makhtoum, H.; Bentaleb, Y. Review and evaluation of OTP-Based authentication schemes in the metering systems of smart grids. In Proceedings of the 2022 IEEE 9th International Conference on Sciences of Electronics, Technologies of Information and Telecommunications (SETIT), Hammamet, Tunisia, 28–30 May 2022; pp. 232–237. [Google Scholar]
  199. Chaudhry, S.A.; Nebhan, J.; Yahya, K.; Al-Turjman, F. A privacy enhanced authentication scheme for securing smart grid infrastructure. IEEE Trans. Ind. Inform. 2021, 18, 5000–5006. [Google Scholar] [CrossRef]
  200. Dhunna, G.S.; Al-Anbagi, I. A low power WSNs attack detection and isolation mechanism for critical smart grid applications. IEEE Sens. J. 2019, 19, 5315–5324. [Google Scholar] [CrossRef]
  201. Patsakis, C.; Casino, F. Exploiting statistical and structural features for the detection of Domain Generation Algorithms. J. Inf. Secur. Appl. 2021, 58, 102725. [Google Scholar] [CrossRef]
  202. Bodziony, N.; Jemioło, P.; Kluza, K.; Ogiela, M.R. Blockchain-based address alias system. J. Theor. Appl. Electron. Commer. Res. 2021, 16, 1280–1296. [Google Scholar] [CrossRef]
  203. Mishra, S. Blockchain-based security in smart grid network. Int. J. Commun. Netw. Distrib. Syst. 2022, 28, 365–388. [Google Scholar] [CrossRef]
  204. Kautish, S.; Juneja, S.; Mohiuddin, K.; Karim, F.K.; Elmannai, H.; Ghorashi, S.; Hamid, Y. Enhanced Cloud Storage Encryption Standard for Security in Distributed Environments. Electronics 2023, 12, 714. [Google Scholar] [CrossRef]
  205. Yan, Z.; Wen, H. Performance Analysis of Electricity Theft Detection for the Smart Grid: An Overview. IEEE Trans. Instrum. Meas. 2022, 71, 2502928. [Google Scholar] [CrossRef]
  206. Gujjula, D.; Reddy, G.V.K.; Reddy, P.B. Firmware Security: Challenges, Vulnerabilities, and Mitigation Strategies. In Disruptive Technologies in Computing and Communication Systems, 1st ed.; Mohan Babu, V., Suresh, B., Eds.; CRC Press: London, UK, 2024. [Google Scholar] [CrossRef]
  207. Albogamy, F.R.; Paracha, M.Y.I.; Hafeez, G.; Khan, I.; Murawwat, S.; Rukh, G.; Khan, S.; Khan, M.U.A. Real-Time Scheduling for Optimal Energy Optimization in Smart Grid Integrated with Renewable Energy Sources. IEEE Access 2022, 10, 35498–35520. [Google Scholar] [CrossRef]
  208. Ndife, A.N.; Mensin, Y.; Rakwichian, W.; Muneesawang, P. Cyber-Security Audit for Smart Grid Networks: An Optimized Detection Technique Based on Bayesian Deep Learning. J. Internet Serv. Inf. Secur. 2022, 12, 95–114. [Google Scholar]
  209. Acarali, D.; Rao, K.R.; Rajarajan, M.; Chema, D.; Ginzburg, M. Modelling smart grid IT-OT dependencies for DDoS impact propagation. Comput. Secur. 2022, 112, 102528. [Google Scholar] [CrossRef]
  210. Diaba, S.Y.; Elmusrati, M. Proposed algorithm for smart grid DDoS detection based on deep learning. Neural Netw. 2023, 159, 175–184. [Google Scholar] [CrossRef]
  211. Yılmaz, Y.; Uludag, S. Timely detection and mitigation of IoT-based cyberattacks in the smart grid. J. Frankl. Inst. 2021, 358, 172–192. [Google Scholar] [CrossRef]
  212. Maziku, H.; Shetty, S.; Nicol, D.M. Security risk assessment for SDN-enabled smart grids. Comput. Commun. 2019, 133, 1–11. [Google Scholar] [CrossRef]
  213. Haggi, H.; Roofegari nejad, R.; Song, M.; Sun, W. A review of smart grid restoration to enhance cyber-physical system resilience. In Proceedings of the 2019 IEEE Innovative Smart Grid Technologies-Asia (ISGT Asia), Chengdu, China, 21–24 May 2019; pp. 4008–4013. [Google Scholar]
  214. Rice, E.B.; AlMajali, A. Mitigating the risk of cyber attack on smart grid systems. Procedia Comput. Sci. 2014, 28, 575–582. [Google Scholar] [CrossRef]
  215. Zhang, Z.; Huang, S.; Chen, Y.; Li, B.; Mei, S. Cyber-physical coordinated risk mitigation in smart grids based on attack-defense game. IEEE Trans. Power Syst. 2021, 37, 530–542. [Google Scholar] [CrossRef]
  216. Lyu, X.; Ding, Y.; Yang, S.H. Safety and security risk assessment in cyber-physical systems. IET Cyber-Phys. Syst. Theory Appl. 2019, 4, 221–232. [Google Scholar] [CrossRef]
  217. Shrestha, M.; Johansen, C.; Noll, J.; Roverso, D. A methodology for security classification applied to smart grid infrastructures. Int. J. Crit. Infrastruct. Prot. 2020, 28, 100342. [Google Scholar] [CrossRef]
  218. Mir, A.W.; Ketti Ramachandran, R. Security gaps assessment of smart grid based SCADA systems. Inf. Comput. Secur. 2019, 27, 434–452. [Google Scholar] [CrossRef]
  219. Langer, L.; Smith, P.; Hutle, M. Smart grid cybersecurity risk assessment. In Proceedings of the 2015 International Symposium on Smart Electric Distribution Systems and Technologies (EDST); IEEE: Piscataway, NJ, USA, 2015; pp. 475–482. [Google Scholar]
  220. Sun, Q.; Zhang, Y.; Han, D.; Yan, Z.; Zhao, J. Multi-elements and multi-dimensions risk evaluation of smart grid. In Proceedings of the IEEE PES Innovative Smart Grid Technologies, Washington, DC, USA, 16–20 January 2012; pp. 1–6. [Google Scholar]
  221. Sun, D.; Wang, H.; Lall, U.; Huang, J.; Liu, G. Subway travel risk evaluation during flood events based on smart card data. Geomat. Nat. Hazards Risk 2022, 13, 2796–2818. [Google Scholar] [CrossRef]
  222. Lamba, V.; Šimková, N.; Rossi, B. Recommendations for smart grid security risk management. Cyber-Phys. Syst. 2019, 5, 92–118. [Google Scholar] [CrossRef]
  223. Rangel-Martinez, D.; Nigam, K.; Ricardez-Sandoval, L.A. Machine learning on sustainable energy: A review and outlook on renewable energy systems, catalysis, smart grid and energy storage. Chem. Eng. Res. Des. 2021, 174, 414–441. [Google Scholar] [CrossRef]
  224. Bomfim, T.S. Evolution of machine learning in smart grids. In Proceedings of the 2020 IEEE 8th International Conference on Smart Energy Grid Engineering (SEGE), Oshawa, Canada, 12–14 August 2020; pp. 82–87. [Google Scholar]
  225. Azad, S.; Sabrina, F.; Wasimi, S. Transformation of smart grid using machine learning. In Proceedings of the 2019 29th Australasian Universities Power Engineering Conference (AUPEC), Nadi, Fiji, 26–29 November 2019; pp. 1–6. [Google Scholar]
  226. Mahmood, K.; Chaudhry, S.A.; Naqvi, H.; Kumari, S.; Li, X.; Sangaiah, A.K. An elliptic curve cryptography based lightweight authentication scheme for smart grid communication. Future Gener. Comput. Syst. 2018, 81, 557–565. [Google Scholar] [CrossRef]
  227. Sadhukhan, D.; Ray, S.; Obaidat, M.S.; Dasgupta, M. A secure and privacy preserving lightweight authentication scheme for smart-grid communication using elliptic curve cryptography. J. Syst. Archit. 2021, 114, 101938. [Google Scholar] [CrossRef]
  228. Kumar, A.; Vishnoi, P.; Shimi, S. Smart grid security with cryptographic chip integration. EAI Endorsed Trans. Energy Web 2019, 6, e6. [Google Scholar] [CrossRef]
  229. Kumar, N.; Mishra, V.M.; Kumar, A. Smart grid and nuclear power plant security by integrating cryptographic hardware chip. Nucl. Eng. Technol. 2021, 53, 3327–3334. [Google Scholar] [CrossRef]
  230. Kumar, A.; Abhishek, K.; Shah, K.; Namasudra, S.; Kadry, S. A novel elliptic curve cryptography-based system for smart grid communication. Int. J. Web Grid Serv. 2021, 17, 321–342. [Google Scholar] [CrossRef]
  231. Kumar, N.; Mishra, V.M.; Kumar, A. Smart Grid Security by Embedding S-Box Advanced Encryption Standard. Intell. Autom. Soft Comput. 2022, 34, 623. [Google Scholar] [CrossRef]
  232. Kumar, N.; Mishra, V.M.; Kumar, A. Smart Grid Security by Embedding Cryptography Hardware Chip. In Proceedings of the 2023 International Conference on Power, Instrumentation, Energy and Control (PIECON), Aligarh, India, 10–12 February 2023; pp. 1–6. [Google Scholar]
  233. Mishra, D.; Rana, S.; Goyal, C.; Singh, G. FOESG: Anonymous session key agreement protocol for fog assisted smart grid communication. Int. J. Ad Hoc Ubiquitous Comput. 2023, 42, 137–147. [Google Scholar] [CrossRef]
  234. Tanveer, M.; Alasmary, H. LACP-SG: Lightweight Authentication Protocol for Smart Grids. Sensors 2023, 23, 2309. [Google Scholar] [CrossRef]
  235. Park, S.; Li, X.; Liu, Y. Trust-Based Communities for Smart Grid Security and Privacy. In Proceedings of the Wireless Internet: 15th EAI International Conference, WiCON 2022, Virtual Event, 17 November 2022; Proceedings. Springer: Berlin/Heidelberg, Germany, 2023; pp. 28–43. [Google Scholar]
  236. Badar, H.M.S.; Mahmood, K.; Akram, W.; Ghaffar, Z.; Umar, M.; Das, A.K. Secure authentication protocol for home area network in smart grid-based smart cities. Comput. Electr. Eng. 2023, 108, 108721. [Google Scholar] [CrossRef]
  237. Wang, W.; Huang, H.; Zhang, L.; Su, C. Secure and efficient mutual authentication protocol for smart grid under blockchain. Peer- Netw. Appl. 2021, 14, 2681–2693. [Google Scholar] [CrossRef]
  238. Liu, S.; Liu, Y.; Liu, W.; Zhang, Y. A certificateless multi-dimensional data aggregation scheme for smart grid. J. Syst. Archit. 2023, 140, 102890. [Google Scholar] [CrossRef]
  239. Sani, A.S.; Yuan, D.; Dong, Z.Y. SDAG: Blockchain-enabled model for secure data awareness in smart grids. In Proceedings of the 2023 IEEE Power & Energy Society Innovative Smart Grid Technologies Conference (ISGT), Washington, DC, USA, 16–19 January 2023; pp. 1–5. [Google Scholar]
  240. Oberko, P.S.K.; Yao, T.; Xiong, H.; Kumari, S.; Kumar, S. Blockchain-Oriented Data Exchange Protocol With Traceability and Revocation for Smart Grid. J. Internet Technol. 2023, 24, 497–506. [Google Scholar]
  241. Bitirgen, K.; Filik, Ü.B. A hybrid deep learning model for discrimination of physical disturbance and cyber-attack detection in smart grid. Int. J. Crit. Infrastruct. Prot. 2023, 40, 100582. [Google Scholar] [CrossRef]
  242. Yaacoub, J.P.A.; Noura, H.N.; Salman, O. Security of federated learning with IoT systems: Issues, limitations, challenges, and solutions. Internet Things -Cyber-Phys. Syst. 2023, 3, 155–179. [Google Scholar] [CrossRef]
  243. Liu, X.; Nielsen, P.S. Regression-based online anomaly detection for smart grid data. arXiv 2016, arXiv:1606.05781. [Google Scholar] [CrossRef]
  244. Menon, D.M.; Radhika, N. Anomaly detection in smart grid traffic data for home area network. In Proceedings of the 2016 International Conference on Circuit, Power and Computing Technologies (ICCPCT), Nagercoil, India, 18–19 March 2016; pp. 1–4.
  245. Karimipour, H.; Geris, S.; Dehghantanha, A.; Leung, H. Intelligent anomaly detection for large-scale smart grids. In Proceedings of the 2019 IEEE Canadian Conference of Electrical and Computer Engineering (CCECE), Edmonton, AB, Canada, 5–8 May 2019; pp. 1–4.
  246. El-Awadi, R.; Fernández-Vilas, A.; Redondo, R.P.D. Fog computing solution for distributed anomaly detection in smart grids. In Proceedings of the 2019 International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob), Barcelona, Spain, 21–23 October 2019; pp. 348–353.
  247. Marino, D.L.; Wickramasinghe, C.S.; Amarasinghe, K.; Challa, H.; Richardson, P.; Jillepalli, A.A.; Johnson, B.K.; Rieger, C.; Manic, M. Cyber and physical anomaly detection in smart-grids. In Proceedings of the 2019 Resilience Week (RWS), San Antonio, TX, USA, 4–7 November 2019; Volume 1, pp. 187–193.
  248. Li, R.; Bhattacharjee, S.; Das, S.K.; Yamana, H. Look-Up Table based FHE System for Privacy Preserving Anomaly Detection in Smart Grids. In Proceedings of the 2022 IEEE International Conference on Smart Computing (SMARTCOMP), Helsinki, Finland, 20–24 June 2022; pp. 108–115.
  249. Abdelkhalek, M.; Ravikumar, G.; Govindarasu, M. Ml-based anomaly detection system for der communication in smart grid. In Proceedings of the 2022 IEEE Power & Energy Society Innovative Smart Grid Technologies Conference (ISGT), Washington, DC, USA, 24–28 April 2022; pp. 1–5.
  250. Takiddin, A.; Ismail, M.; Zafar, U.; Serpedin, E. Deep autoencoder-based anomaly detection of electricity theft cyberattacks in smart grids. IEEE Syst. J. 2022, 16, 4106–4117.
  251. Nafees, M.N.; Saxena, N.; Burnap, P. Poster: Physics-Informed Augmentation for Contextual Anomaly Detection in Smart Grid. In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, Copenhagen, Denmark, 12 November 2022; pp. 3427–3429.
  252. Abdel-Basset, M.; Moustafa, N.; Hawash, H. Privacy-Preserved Generative Network for Trustworthy Anomaly Detection in Smart Grids: A Federated Semisupervised Approach. IEEE Trans. Ind. Inform. 2022, 19, 995–1005.
  253. Siniosoglou, I.; Radoglou-Grammatikis, P.; Efstathopoulos, G.; Fouliras, P.; Sarigiannidis, P. A unified deep learning anomaly detection and classification approach for smart grid environments. IEEE Trans. Netw. Serv. Manag. 2021, 18, 1137–1151.
  254. Aribisala, A.; Khan, M.S.; Husari, G. Feed-Forward Intrusion Detection and Classification on a Smart Grid Network. In Proceedings of the 2022 IEEE 12th Annual Computing and Communication Workshop and Conference (CCWC), Las Vegas, NV, USA, 26–29 January 2022; pp. 0099–0105.
  255. Jithish, J.; Alangot, B.; Mahalingam, N.; Yeo, K.S. Distributed Anomaly Detection in Smart Grids: A Federated Learning-Based Approach. IEEE Access 2023, 11, 7157–7179.
  256. Stryczek, S.; Natkaniec, M. Internet Threat Detection in Smart Grids Based on Network Traffic Analysis Using LSTM, IF, and SVM. Energies 2023, 16, 329.
  257. Laroussi, I.; Huan, L.; Xiusheng, Z. How will the internet of energy (IoE) revolutionize the electricity sector? A techno-economic review. Mater. Today Proc. 2023, 72, 3297–3311.
  258. Ghiasi, M.; Wang, Z.; Mehrandezh, M.; Jalilian, S.; Ghadimi, N. Evolution of smart grids towards the Internet of energy: Concept and essential components for deep decarbonisation. IET Smart Grid 2023, 6, 86–102.
  259. Karimipour, H.; Dehghantanha, A.; Parizi, R.M.; Choo, K.K.R.; Leung, H. A deep and scalable unsupervised machine learning system for cyber-attack detection in large-scale smart grids. IEEE Access 2019, 7, 80778–80788.
  260. Dairi, A.; Harrou, F.; Bouyeddou, B.; Senouci, S.M.; Sun, Y. Semi-supervised deep learning-driven anomaly detection schemes for cyber-attack detection in smart grids. In Power Systems Cybersecurity: Methods, Concepts, and Best Practices; Springer: Berlin/Heidelberg, Germany, 2023; pp. 265–295.
  261. Babar, M.; Tariq, M.U.; Jan, M.A. Secure and resilient demand side management engine using machine learning for IoT-enabled smart grid. Sustain. Cities Soc. 2020, 62, 102370.
  262. Narayanan, L.K.; Subbiah, P.; Muralidharan, R.R.A.; Baskaran, A.P.; Srinivasan, V.; Baskaran, A.P.; Victor, P.; Ramachandran, H. A survey on AI-and ML-based demand forecast analysis of power using IoT-based SCADA. In Smart Energy and Electric Power Systems; Elsevier: Amsterdam, The Netherlands, 2023; pp. 65–78.
  263. Ghanbari, M.; Kinsner, W. Detecting DDoS attacks using polyscale analysis and deep learning. In Research Anthology on Smart Grid and Microgrid Development; IGI Global: Hershey, PA, USA, 2022; pp. 1078–1096.
  264. Torres, G.; Shrestha, S.; Misra, S. iCAD: Information-Centric network Architecture for DDoS Protection in the Smart Grid. In Proceedings of the 2022 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm), Singapore, 25–28 October 2022; pp. 154–159.
  265. Merlino, J.C.; Asiri, M.; Saxena, N. Ddos cyber-incident detection in smart grids. Sustainability 2022, 14, 2730.
  266. Ortega-Fernandez, I.; Liberati, F. A Review of Denial of Service Attack and Mitigation in the Smart Grid Using Reinforcement Learning. Energies 2023, 16, 635.
  267. Albaseer, A.; Abdallah, M. Fine-tuned LSTM-Based Model for Efficient Honeypot-Based Network Intrusion Detection System in Smart Grid Networks. In Proceedings of the 2022 5th International Conference on Communications, Signal Processing, and their Applications (ICCSPA), Cairo, Egypt, 27–29 December 2022; pp. 1–6.
  268. Izzuddin, A.B.; Lim, C. Mapping Threats in Smart Grid System Using the MITRE ATT&CK ICS Framework. In Proceedings of the 2022 IEEE International Conference on Aerospace Electronics and Remote Sensing Technology (ICARES), Yogyakarta, Indonesia, 24–25 November 2022; pp. 1–7.
  269. Rashid, S.Z.U.; Haq, A.; Hasan, S.T.; Furhad, M.H.; Ahmed, M.; Ullah, A.B. Faking smart industry: Exploring cyber-threat landscape deploying cloud-based honeypot. Wirel. Netw. 2022, 30, 4527–4541.
  270. Lygerou, I.; Srinivasa, S.; Vasilomanolakis, E.; Stergiopoulos, G.; Gritzalis, D. A decentralized honeypot for IoT Protocols based on Android devices. Int. J. Inf. Secur. 2022, 21, 1211–1222.
  271. Albaseer, A.; Abdallah, M. Privacy-Preserving Honeypot-Based detector in smart grid networks: A new design for Quality-Assurance and fair incentives federated learning framework. In Proceedings of the 2023 IEEE 20th Consumer Communications & Networking Conference (CCNC), Las Vegas, NV, USA, 8–11 January 2023; pp. 722–727.
  272. Auti, A.; Pagar, S.; Mishra, V.; Makwana, J.; Borade, S. HoneyTrack: An improved honeypot. In Proceedings of the 2023 IEEE International Students’ Conference on Electrical, Electronics and Computer Science (SCEECS), Bhopal, India, 18–19 February 2023; pp. 1–6.
  273. Abdulqadder, I.H.; Zou, D.; Aziz, I.T. The DAG blockchain: A secure edge assisted honeypot for attack detection and multi-controller based load balancing in SDN 5G. Future Gener. Comput. Syst. 2023, 141, 339–354.
  274. Yaacoub, J.P.A.; Noura, H.N.; Salman, O.; Chehab, A. Digital forensics vs. Anti-digital forensics: Techniques, limitations and recommendations. arXiv 2021, arXiv:2103.17028.
  275. Yaacoub, J.P.A.; Noura, H.N.; Salman, O.; Chehab, A. Advanced digital forensics and anti-digital forensics for IoT systems: Techniques, limitations and recommendations. Internet Things 2022, 10, 100544.
  276. Abdullah, H.I.M.; Mustaffa, M.Z.; Rahim, F.A.; Ibrahim, Z.A.; Yusoff, Y.; Yussof, S.; Bakar, A.A.; Ismail, R.; Ramli, R. Smart grid digital forensics investigation framework. In Proceedings of the 2020 8th International Conference on Information Technology and Multimedia (ICIMU), Selangor, Malaysia, 24–25 August 2020; pp. 200–205.
  277. Mohamed, N.; Al-Jaroodi, J.; Jawhar, I. Cyber–physical systems forensics: Today and tomorrow. J. Sens. Actuator Netw. 2020, 9, 37.
  278. Bhattacharjee, S.; Thakur, A.; Silvestri, S.; Das, S.K. Statistical security incident forensics against data falsification in smart grid advanced metering infrastructure. In Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy, Scottsdale, AZ, USA, 22–24 March 2017; pp. 35–45.
  279. Parra, G.D.L.T.; Rad, P.; Choo, K.K.R. Implementation of deep packet inspection in smart grids and industrial Internet of Things: Challenges and opportunities. J. Netw. Comput. Appl. 2019, 135, 32–46.
  280. International Organization for Standardization and International Electrotechnical Commission. ISO/IEC 27043:2015—Information Technology—Security Techniques—Incident Investigation Principles and Processes; ISO/IEC: Geneva, Switzerland, 2015.
  281. Sadineni, L.; Pilli, E.; Battula, R.B. A holistic forensic model for the internet of things. In Proceedings of the Advances in Digital Forensics XV: 15th IFIP WG 11.9 International Conference, Orlando, FL, USA, 28–29 January 2019; Revised Selected Papers 15. Springer: Berlin/Heidelberg, Germany, 2019; pp. 3–18.
  282. Kotsiuba, I.; Skarga-Bandurova, I.; Giannakoulias, A.; Bulda, O. Basic forensic procedures for cyber crime investigation in smart grid networks. In Proceedings of the 2019 IEEE International Conference on Big Data (Big Data), Los Angeles, CA, USA, 9–12 December 2019; pp. 4255–4264.
  283. Grammatikis, P.R.; Sarigiannidis, P.; Iturbe, E.; Rios, E.; Sarigiannidis, A.; Nikolis, O.; Ioannidis, D.; Machamint, V.; Tzifas, M.; Giannakoulias, A.; et al. Secure and private smart grid: The spear architecture. In Proceedings of the 2020 6th IEEE Conference on Network Softwarization (NetSoft), Ghent, Belgium, 29 June–3 July 2020; pp. 450–456.
  284. Le, T.V.; Hsu, C.L.; Chen, W.X. A Hybrid Blockchain-Based Log Management Scheme With Nonrepudiation for Smart Grids. IEEE Trans. Ind. Inform. 2021, 18, 5771–5782.
  285. Abdullah, H.I.M.; Ibrahim, Z.A.; Rahim, F.A.; Fadzil, H.S.; Nizam, S.A.S.; Mustaffa, M.Z. Digital Forensics Investigation Procedures of Smart Grid Environment. Int. J. Comput. Digit. Syst. 2021, 11, 1071–1082.
  286. Yaacoub, J.P.A.; Noura, H.N.; Salman, O.; Chehab, A. A Survey on Ethical Hacking: Issues and Challenges. arXiv 2021, arXiv:2103.15072.
  287. Yaacoub, J.P.A.; Noura, H.N.; Salman, O.; Chehab, A. Ethical hacking for IoT: Security issues, challenges, solutions and recommendations. Internet Things-Cyber-Phys. Syst. 2023, 3, 280–308.
  288. Yardley, T.; Berthier, R.; Nicol, D.; Sanders, W.H. Smart grid protocol testing through cyber-physical testbeds. In Proceedings of the 2013 IEEE PES Innovative Smart Grid Technologies Conference (ISGT), Washington, DC, USA, 15–17 April 2013; pp. 1–6.
  289. Weerathunga, P.E.; Cioraca, A. The importance of testing Smart Grid IEDs against security vulnerabilities. In Proceedings of the 2016 69th Annual Conference for Protective Relay Engineers (CPRE), College Station, TX, USA, 4–7 April 2016; pp. 1–21.
  290. Oyewumi, I.A.; Jillepalli, A.A.; Richardson, P.; Ashrafuzzaman, M.; Johnson, B.K.; Chakhchoukh, Y.; Haney, M.A.; Sheldon, F.T.; de Leon, D.C. Isaac: The idaho cps smart grid cybersecurity testbed. In Proceedings of the 2019 IEEE Texas Power and Energy Conference (TPEC), College Station, TX, USA, 7–8 February 2019; pp. 1–6.
  291. Konstantinou, C.; Maniatakos, M. Hardware-layer intelligence collection for smart grid embedded systems. J. Hardw. Syst. Secur. 2019, 3, 132–146.
  292. Hashimoto, J.; Ustun, T.S.; Suzuki, M.; Sugahara, S.; Hasegawa, M.; Otani, K. Advanced grid integration test platform for increased distributed renewable energy penetration in smart grids. IEEE Access 2021, 9, 34040–34053.
  293. Heiding, F.; Süren, E.; Olegård, J.; Lagerström, R. Penetration testing of connected households. Comput. Secur. 2023, 126, 103067.
  294. Zhang, C.; Kuppannagari, S.R.; Kannan, R.; Prasanna, V.K. Generative adversarial network for synthetic time series data generation in smart grids. In Proceedings of the 2018 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm), Aalborg, Denmark, 29–31 October 2018; pp. 1–6.
  295. Desai, S.; Sabar, N.; Alhadad, R.; Mahmood, A.; Chilamkurti, N. Mitigating consumer privacy breach in smart grid using obfuscation-based generative adversarial network. Math. Biosci. Eng. 2022, 19, 3350–3368.
  296. Himthani, V.; Prakash, V. Generative adversarial network-based deep learning technique for smart grid data security. In Artificial Intelligence and Machine Learning in Smart City Planning; Elsevier: Amsterdam, The Netherlands, 2023; pp. 303–315.
  297. Ezgi, A. Generative AI in Electricity Distribution: A Qualitative Exploration. Press. Procedia 2023, 17, 208–211.
  298. Munir, M.S.; Proddatoori, S.; Muralidhara, M.; Saad, W.; Han, Z.; Shetty, S. A Zero Trust Framework for Realization and Defense Against Generative AI Attacks in Power Grid. arXiv 2024, arXiv:2403.06388.
  299. Shahzad, K.; Iqbal, S.; Fraz, M.M. Automated Solution Development for Smart Grids: Tapping the Power of Large Language Models. In Proceedings of the 2023 17th International Conference on Engineering of Modern Electric Systems (EMES), Oradea, Romania, 9–10 June 2023; pp. 1–4.
  300. Zaboli, A.; Choi, S.L.; Song, T.J.; Hong, J. ChatGPT and other Large Language Models for Cybersecurity of Smart Grid Applications. arXiv 2023, arXiv:2311.05462.
  301. King, E.; Yu, H.; Lee, S.; Julien, C. Sasha: Creative goal-oriented reasoning in smart homes with large language models. Proc. ACM Interact. Mob. Wearable Ubiquitous Technol. 2024, 8, 1–38.
  302. Dong, L.; Majumder, S.; Doudi, F.; Cai, Y.; Tian, C.; Kalathi, D.; Ding, K.; Thatte, A.A.; Xie, L. Exploring the Capabilities and Limitations of Large Language Models in the Electric Energy Sector. arXiv 2024, arXiv:2403.09125.
  303. Ruan, J.; Liang, G.; Zhao, H.; Liu, G.; Sun, X.; Qiu, J.; Xu, Z.; Wen, F.; Dong, Z.Y. Applying Large Language Models to Power Systems: Potential Security Threats. IEEE Trans. Smart Grid 2024, 15, 3333–3336.
  304. Yoon, Y.H. Safety Analysis of Smart Grid Lines According to DC Arc Generation. J. Electr. Eng. Technol. 2023, 18, 697–703.
  305. MacDermott, A.; Baker, T.; Shi, Q. Iot forensics: Challenges for the ioa era. In Proceedings of the 2018 9th IFIP International Conference on New Technologies, Mobility and Security (NTMS), Paris, France, 26–28 February 2018; pp. 1–5.
  306. Heluany, J.B.; Galvão, R. IEC 62443 Standard for Hydro Power Plants. Energies 2023, 16, 1452.
  307. Vahidi, S.; Ghafouri, M.; Au, M.; Kassouf, M.; Mohammadi, A.; Debbabi, M. Security of Wide-Area Monitoring, Protection, and Control (WAMPAC) Systems of the Smart Grid: A Survey on Challenges and Opportunities. IEEE Commun. Surv. Tutor. 2023.
  308. Noura, H.; Salman, O.; Couturier, R.; Chehab, A. LESCA: LightwEight Stream Cipher Algorithm for emerging systems. Ad Hoc Netw. 2023, 138, 102999.
  309. Noura, H.N.; Salman, O.; Couturier, R.; Chehab, A. A Single-Pass and One-Round Message Authentication Encryption for Limited IoT Devices. IEEE Internet Things J. 2022, 9, 17885–17900.
  310. Noura, H.N.; Salman, O.; Couturier, R.; Chehab, A. LoRCA: Lightweight round block and stream cipher algorithms for IoV systems. Veh. Commun. 2022, 34, 100416.
  311. Noura, H.N.; Melki, R.; Chehab, A. Secure and lightweight mutual multi-factor authentication for IoT communication systems. In Proceedings of the 2019 IEEE 90th Vehicular Technology Conference (VTC2019-Fall), Honolulu, HI, USA, 22–25 September 2019; pp. 1–7.
  312. Melki, R.; Noura, H.N.; Chehab, A. Lightweight multi-factor mutual authentication protocol for IoT devices. Int. J. Inf. Secur. 2020, 19, 679–694.
Figure 1. Key components of the smart grid, renewable energy sources, and communication technologies.
Figure 2. Visual representation of the IoT-based multi-domain integration within smart grids.
Figure 3. Limitations and challenges in smart grids.
Figure 4. Types of smart grid attacks.
Figure 5. Attack source identification.
Figure 6. Smart grid risk mitigation and management.
Figure 7. Smart grid future directions, lessons learned, suggestions, and recommendations.
Figure 8. Smart grid attacks and defenses at different layers.
Table 1. Integration of IoT into smart grid and its impact on efficiency, reliability, cost savings, consumer engagement, and sustainability.

| Aspect | Integration of IoT | Impact |
|---|---|---|
| Smart Meters | Real-time measurement of electricity usage | Detailed consumption data, better energy management, and billing accuracy |
| Sensors and Actuators | Monitoring voltage, current, and temperature | Real-time grid monitoring and control, enhanced reliability, and prevention of failures |
| AMI | Two-way communication between utilities and consumers | Facilitates demand response, dynamic pricing, and improved data management |
| Grid Automation | Controlling switches, transformers, and other equipment | Improved fault detection, isolation, restoration, minimized downtime, and enhanced grid resilience |
| DERs Management | Integration and management of solar panels, wind turbines, and batteries | Better coordination and optimization of renewable energy sources and reduced reliance on fossil fuels |
| Predictive Maintenance | Collecting data on grid component conditions | Reduced maintenance costs, prevention of unexpected failures, and ensured continuous power supply |
| Efficiency | Real-time monitoring and control | More efficient energy distribution and consumption, optimized grid operations, and reduced energy losses |
| Reliability and Resilience | Quick detection and response to faults | Improved grid reliability and reduced outage duration and impact |
| Renewable Integration | Management of renewable energy variability | Seamless integration of renewable sources and stable grid operations |
| Cost Savings | Optimization of energy use and predictive maintenance | Reduced operational costs for utilities and lower energy bills for consumers |
| Consumer Engagement | Access to detailed usage data and participation in demand response | Informed consumer decisions and contribution to grid stability |
| Sustainability | Support for green energy sources and promotion of energy efficiency | Reduced greenhouse gas emissions and a more sustainable energy future |

Table 2. Advantages achieved by employing smart grids.

| Enhancement | Description |
|---|---|
| Effective Energy Management (EEM) | Achieves more effective energy supply and demand, smart grid energy storage systems, and more efficient grid management by gathering and evaluating vast amounts of data on energy use and grid performance. Utilizes DERs, Demand Response (DR) technologies, such as Smart Meters (SM), and Energy Management Systems (EMSs) to optimize energy usage and minimize waste. Expected to be replaced by Intelligent Energy Management (IEM) using machine learning and data analytics. |
| Enhanced Asset Management | Efficiently manages and monitors grid assets to lower maintenance and repair costs while enabling users to track their energy use in real time and make intelligent decisions about energy consumption. Controls energy demand response to minimize grid burden and reduce operational costs. |
| Enhanced Reliability | Utilizes modern monitoring and control systems to accurately detect and respond to disruptions, effectively identifying and isolating faults with minimal delays. |
| More Energy Efficiency | Enhances energy distribution management through real-time monitoring and analysis of energy consumption, enabling demand response programs and integration of renewable energy sources. |
| Efficient Renewable Energy Integration | Monitors and manages energy resource distribution to avoid waste and adopt an eco-friendly approach, enhancing renewable energy forecasting and improving energy supply and demand management. |
| Improved Grid Planning | Utilizes advanced sensors and data analysis tools to optimize grid planning and maintenance, enhancing resiliency, flexibility, and efficiency at a reduced cost. |
| Enhanced Safety and Security | Strengthens resilience against cyber and physical attacks, enabling rapid power restoration and improved grid resilience through self-healing and fault detection capabilities. |
| Enhanced EV Integration | Integrates EVs and provides charging infrastructure and smart charging management. |
| Modernized Technologies | Upgrades smart grid infrastructure with new capacitors, programmable logical controllers, transformers, transmission lines, substations, and equipment, improving planning, implementation, and design. |
| Real-Time Detection and Isolation | Monitors grid conditions, faults, and outages in real time, quickly isolating them to enable fast power restoration. Relies on IoT devices and sensors for data collection. |
| Improved Network Performance | Monitors network traffic in real time to detect and mitigate cyber–physical threats, optimizing network operations and performance securely. |
| Improved Energy Distribution | Relies on micro-grids and virtual power plants to provide a reliable energy supply independently of the primary grid, utilizing DERs to act as a single, coordinated energy source. |

Table 3. A set of possible communication types and technologies in smart grids.

| Communication | Type/Technology | Description |
|---|---|---|
| Types | Home Area Network (HAN) | Uses wired (Ethernet) or wireless (Bluetooth, Zigbee, 802.11) technologies to link household appliances to smart meters to detect energy usage and transmit the data to the server [22]. |
| Types | Neighborhood Area Network (NAN) | Links Intelligent Electronic Devices (IEDs), smart meters, and other distribution automation devices to WAN gateways, collectors, and field devices to gather user data and facilitate WAN-premise communication area [22]. |
| Types | Wide Area Network (WAN) | Employs fiber optics, 3G, LTE, WiMAX, or GSM to facilitate communication via HAN [23] between a smart meter, suppliers, and the utility server. |
| Types | LoRaWAN | A low-power, long-range wireless platform that supports energy management, smart grid infrastructure efficiency, and disaster prevention [24]. |
| Technologies | Power Line Communication (PLC) | Uses existing power distribution infrastructure to transmit data signals over the power lines. |
| Technologies | Wireless Communication | Used for data transmission in smart grids without physical connections. |
| Technologies | Fiber Optic Communication | FO cables provide high-speed data transmission for long-distance communication in smart grids, with high bandwidth, resilience to electromagnetic interference, and low latency. |
| Technologies | Radio Frequency Communication (RFC) | Uses radio waves for data transmissions using short-range communication between devices within a localized area. |
| Technologies | Broadband over Power Line (BPL) | Offers high-speed data communication over existing power lines, improving communication between systems and smart grid devices. |
| Technologies | Mesh Networking | Allows efficient and reliable communication within a localized area, forming a self-configuring and resilient network. |
| Technologies | Satellite Communication (SatComs) | Provides connectivity for data transmission, allowing smart grid devices in remote areas to communicate with the central grid management system. |
| Technologies | Ethernet Communication | Used in Local Area Networks (LANs) to provide high-speed and reliable data transmission over wired connections. |
| Technologies | Narrowband Communication | Uses narrow frequency bands for data transmission using low-power, low-data-rate applications. |

Table 7. Beyond IoT technologies for smart grids.

| Type | Description | Characteristics | Link to Smart Grid | Use Cases | Advantages | Limitations | Challenges | Mitigation |
|---|---|---|---|---|---|---|---|---|
| Edge Computing | Local data processing at or near smart grid endpoints | Low latency, decentralized, real-time response | Enhances local anomaly detection, reduces reliance on central systems | Fault isolation at substations, real-time load balancing | Reduced latency, bandwidth savings, improved resilience | Limited processing power, distributed complexity | Data synchronization, firmware attacks | Secure boot, local authentication, OTA updates |
| Fog Computing | Intermediate data processing between edge and cloud | Distributed, regional aggregation, near-real-time | Supports collaborative detection and coordinated regional responses | Regional anomaly aggregation, predictive load analytics | Balances speed and computation, scalable architecture | Latency higher than edge, still dependent on network health | Resource allocation, trust management | Encrypted channels, role-based access controls |
| SDN | Programmable network control separated from hardware | Centralized control, dynamic configuration, flexible routing | Quick re-routing in case of attacks, centralized monitoring | DDoS containment, segmented network zones | Fine-grained control, better visibility | Single point of failure risk | Controller security, interoperation with legacy systems | Redundant controllers, secure APIs |
| NFV | Virtualization of network services like firewalls or IDS | Hardware decoupled, scalable, cloud-native | On-demand deployment of security services | Dynamic firewall placement, remote IDS deployment | Cost-effective, flexible security functions | Performance can vary under load | Resource contention, function chaining complexity | Quality of Service (QoS) policies, function isolation |
| Digital Twin | Real-time virtual model of physical grid components | Real-time mirroring, predictive simulation | Allows testing of attack scenarios and impact analysis | Predictive maintenance, training simulations | Insightful monitoring, fault prediction | Requires continuous data flow, high setup complexity | Model accuracy, synchronization | Regular validation, AI-assisted modeling |

Table 8. Limitations of smart grid technologies.

| Limitation | Description |
|---|---|
| Financial Issues | May prove to be a constant limitation, especially since the cost of implementing a smart grid system and maintaining its infrastructure can be high, and without the proper funding and sponsorship, some facilities, utilities, plans, and projects may be delayed or canceled due to lack of investments. |
| Maintenance Issues | Smart grid systems require constant maintenance and scheduled inspection to maintain the effectiveness of their operations. However, this proves to be a problem, especially in modernizing them due to aging equipment that causes constant equipment failure. |
| Communication Bottleneck | Given how much smart grid technologies depend on communication networks to constantly transmit data and control electricity flow in a real-time manner, this already creates a burden that may affect the network performance and cause a communication bottleneck. Also, any disruptions will indeed cause a significant problem and result in the disruption and interruption of smart grid services. |
| Integration Issues | Due to the varied, complicated structure of smart grid systems and IoT devices, which rely on different requirements to deploy and integrate them, this is a challenging limitation. |
| Manpower | With the rise of machinery and reduced human labor, stakeholders may hesitate to adopt smart grid technologies due to concerns about job losses and salaries. |
| Energy Storage | May prove to be a problem due to the cost and technical limitations surrounding the energy storage capacities to manage intermittent renewable energy sources. |
| Cultural Barriers | May cause some communities not to adopt smart grid technologies due to safety, security, and privacy concerns, especially without reassurance and education. |
| Complexity of System and Data Management | Managing and maintaining a smart grid system with numerous interconnected components can be complex and resource-intensive. In addition, the smart grid generates vast amounts of data that require efficient storage, processing, and analysis, posing challenges in data management and analytics. |
| Reliability of Communication Networks | The performance of the smart grid heavily relies on the reliability of communication networks, which can be susceptible to failures and disruptions. |
| Security Concerns | Smart grids are susceptible to cyberattacks, data breaches, and other security threats, necessitating robust security measures to protect the grid infrastructure. |

Table 10. Smart grid threat type and description.

| Threat Type | Description |
|---|---|
| Cyber Threat | Unauthorized digital access, such as malware and DDoS attacks |
| Insider Threats | Misuse of legitimate access by internal personnel |
| Physical Threats | Destruction or tampering of physical infrastructure |
| Privacy Threats | Data exposure through surveillance or data leakage |
| Infrastructure Hazards | Equipment or environmental risks causing operational failure |
| Human Errors | Mistakes due to poor training or fatigue. |

Table 11. Security and safety-based threats within smart grids.

| Threat Classification | Type | Description | Enhancements |
|---|---|---|---|
| Security-based | Cyber Threats | Targets the communication networks, data storage, and control systems often used to manage the grid, often resulting in power outages and blackouts | Secure communication, encryption, or privacy-preserving |
| Security-based | Physical Threats | Damages, alters, or destroys the infrastructure of smart grids including sensors, smart meters, communication equipment | Tamper-resistant devices with access control and security guidelines |
| Security-based | Malware Threat | Forms many virus types, including Trojans and worms that infect smart grid devices and lead them to malfunction | Anti-malware and anti-virus |
| Security-based | Insider Threat | Exploits these privileges or non-malicious users accidentally/mistakenly use them | Accountability, access control, and limited privileges |
| Security-based | Privacy Threats | Leads sensitive information about electricity consumption patterns to be possibly leaked or intercepted | Privacy-preserving, anonymity, and encryption |
| Security-based | DoS Threat | Overwhelms the smart grid network with traffic or requests, causing the system to crash | DDoS detection, intrusion detection systems, firewalls, and honeypots |
| Security-based | Advanced Persistent Threats | Has sophisticated zero-day nature that would disrupt critical systems | Updating systems/operating systems software batches and security measures up to date |
| Security-based | Supply Chain Threats | Compromises its components where a malicious code can be injected into the smart grid network, halting its operational service | Incident response training, incident response planning |
| Security-based | Social Engineering Threats | The objective is to manipulate employees to divulge sensitive information or exploit their access privileges to compromise the smart grid’s security | Non-disclosure agreements, accountability and training, contracts and agreements, secure communications |
| Safety-based | Power Outages | Affects the smart grid’s critical infrastructure that relies on electricity as a functioning source | Backup plans/devices and incident response groups |
| Safety-based | Infrastructure Hazards | Negatively impacts public safety and health | Adoption of international safety guidelines |
| Safety-based | Cyberattacks | Causes a safety threat as the operations of smart grids can be halted and disrupted, resulting in power outages | Cryptography, intrusion detection, anti-malware, firewalls, and honeypots |
| Safety-based | Human Mistakes | Impacts the safety of the smart grid, such as fatigue, dissatisfaction, lack of experience, and training | Awareness training, constant user training and education, Standard Operating Procedures |
| Safety-based | Machine Error(s) | Occurs due to technical malfunctions, software bugs, glitches, hardware failures, sensor or measurement errors, equipment failures, or communication issues | User-friendly interfaces, safety by design, and regular system maintenance |

Table 12. Security and safety-based vulnerabilities within smart grids.
| Vulnerability Classification | Type | Description | Enhancements |
| --- | --- | --- | --- |
| Security-based | Weak Authentication and Access Controls | Weak or outdated mechanisms for access control and authentication, leaving them prone to various attacks | Access controls, biometric measures, and multi-factor authentication |
| | Weak Encryption | Poor encryption or no encryption at all, leaving communication channels and networks open, exposing data | Advanced symmetric encryption techniques enforced by machine learning algorithms |
| | Software Vulnerabilities | Attackers can exploit security gaps and gain unauthorized access, exploit misconfiguration, execute malicious code, and inject malicious data | Constant updates and ethical hacking (pen testing) |
| | Supply Chain Vulnerabilities | Can disrupt the flow of data and services, which can affect the power outage and result in a blackout | Regulatory compliance, secure communication, cyber–physical security measures, and risk assessment |
| | Equipment and System Vulnerabilities | Flaws in the technological infrastructure, software, or hardware/device components to compromise the smart grid | Response strategies, regulatory compliance, and security awareness training |
| Security-based | Physical Security Vulnerabilities | Weaknesses with the physical infrastructure and assets, including non-secure and weakly surveyed substations, leading to them being breached | Fences, gates, surveillance cameras, intrusion detection systems, security facilities, and equipment protection |
| | DER Vulnerabilities | Lack of communication standardization can result in several exploitable protocols and standards, making them vulnerable to virus attacks | Strong authentication and encryption protocols, regular security checking and risk assessments |
| | Operators’ Vulnerabilities | Can occur intentionally as a result of an insider threat to cause sabotage or espionage acts or unintentionally | Background checks, regular employee training, monitoring users, and enforcing accountability |
| | Cloud-based Vulnerabilities | Raises data privacy and security concerns since it includes customer information, energy consumption patterns, grid operation data | Encryption, access controls, and secure communication protocols |
| Safety-based | Equipment Failure | Equipment breakdown or degradation of operations and services often caused by the malfunction of different smart grid parts | Proactive measures such as redundancy and backup systems, condition-monitoring techniques, regular and scheduled inspections, maintenance, and equipment testing |
| | Communication Failures | Communication disruption or interruption of smart grid’s communication channels and protocols for data transmission and receiving | Strong encryption and authentication (multi-factor) protocols, redundant communication paths, fault-tolerant systems, and backup or alternative communication channels |
| | Natural Disasters | Often related to severe weather conditions such as extreme temperatures, heatwaves, ice storms, sand/desert storms, and high winds, or catastrophic events | Enhanced monitoring and early-warning systems, advanced equipment design and construction, proactive maintenance and vegetation management |
Table 13. Classification of smart grid attacks.
| Category | Attack Type | Description |
| --- | --- | --- |
| Visibility | Covert, Overt | Attacks that are either stealthy or openly visible |
| Activity | Passive, Active | Passive (e.g., eavesdropping) or active (e.g., data injection) |
| Coordination | Simultaneous, Separate | Coordinated multi-vector or isolated events |
| Sophistication | Advanced Persistent Threat, Zero-day | Highly advanced attacks exploiting unknown vulnerabilities |
Table 14. Extended classification of smart grid attack types.
| Category | Attack Type | Description | Characteristics | Threats | Vulnerability | Impact Area | Countermeasures | Origin (Act of) |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Visibility | Covert | Hidden, stealthy intrusion aimed at unauthorized data access or manipulation | Stealthy, persistent | Espionage, APT | Weak monitoring, unlogged access | Data privacy, integrity | Anomaly detection, behavioral analytics | Espionage, sabotage |
| | Overt | Openly launched attacks like DDoS or defacement | Obvious, aggressive | DoS, cybercrime | Public-facing systems | Availability, visibility | Firewalls, rate limiting, DoS filtering | Cybercriminal activity, protest (hacktivism) |
| Activity | Passive | Eavesdropping without modifying data or systems | Non-disruptive | Surveillance, sniffing | Unencrypted channels | Privacy, confidentiality | Encryption, secure protocols | Espionage |
| | Active | Direct data alteration or disruption | Intrusive, malicious | Tampering, spoofing | Insecure authentication | Integrity, availability | IDS/IPS, access control | Sabotage, cybercrime |
| Coordination | Simultaneous | Coordinated multi-vector attacks on multiple targets | High-impact, synchronized | Cyberwarfare, terrorism | System interdependence | Multiple critical services | Segmentation, redundancy, early-warning systems | Terrorism, military operations |
| | Separate | Isolated and independent attack events | Localized, targeted | Opportunistic attacks | Isolated endpoints | Specific devices/subsystems | Endpoint hardening, device-specific monitoring | Cybercriminal or insider threat |
| Sophistication | Zero-Day | Exploits unknown vulnerabilities to evade detection | Undetected, rapid | Zero-day malware | Software/firmware flaws | Control systems, data layer | Threat intelligence, patch management | Espionage, military-grade hacking |
| | APT | Long-term, targeted attacks via multiple vectors | Persistent, stealthy, complex | Espionage, data theft, sabotage | Weak access control, poor segmentation | Strategic infrastructure | Multi-layered defense, threat hunting, incident response | Espionage, state-sponsored military operations |
Table 15. A set of possible smart grid security attacks and countermeasures.
| Category | Attack Type | Description | Countermeasures |
| --- | --- | --- | --- |
| Integrity | False Data Injection Attacks (FDIA) | Alter the packet content to disrupt services by injecting false data. | Data-driven learning-based algorithm with reconfigurable Euclidean detectors [173]; mathematical model framing the original sinusoidal signal from the evaluator state variable [174]; strategic honeypot game model with reconfigurable Euclidean detectors [175]; machine-learning-based solutions including attention-aware deep reinforcement learning [176], pre-deployment PMU greedy algorithm [177] |
| | Meter Manipulation and Theft Attacks | Illegal tampering of smart meter hardware/software to retrieve data or steal electricity. | CNN-LSTM model for data classification [178]; robust data-driven detection of electricity theft adversarial evasion attacks [179] |
| | Time Synchronization Attacks (TSA) | Tampering with time offsets to desynchronize work schedules. | Fast pre-keying-based integrity protection for smart grid communications [180]; novel hardware-assisted authentication scheme [181] |
| Authentication | Spoofing Attacks | Eavesdropping and falsifying data to impersonate trusted senders. | Use of Routing Protocol for Low Power and Lossy (RPL) Networks [182]; cross-layer detection mechanism with GPS carrier-to-noise ratio (C/No)-based spoofing detection [183] |
| | Session Key Exposure Attacks | Interception of session key generation to find authentic key values. | Lightweight conditional privacy-preserving authentication and key-agreement protocol [184]; certificate-based access control in smart grid edge computing infrastructure [185]; secure demand response management authentication scheme [186] |
| | Sybil Attacks | Use of multiple fake identities to gain control in peer-to-peer networks. | Decentralized countermeasure against Sybil attack in RPL-based IoT networks [187]; Sybil attack detection scheme with optimized support vector machines and received signal strength [188] |
| Availability | (Distributed) Denial of Service (DoS/DDoS) Attacks | Overload of network traffic causing service disruptions. | Privacy-preserving traffic signaling protocol [189]; Functional Mock-up Interface (FMI)-compatible co-simulation platform [190] |
| | TCP-SYN Flooding Attacks | Flooding the system with SYN requests, leaving communication ports half-open. | Protocol-dependent detection and classification system [191]; machine-learning-enabled TCP-SYN flood detection framework using Openflow port statistics [192]; lightweight and practical mitigation mechanism for Software-Defined Networking (SDN) architecture [193] |
| | Jamming Attacks | Flooding wireless protocols with noise to disrupt communication. | Mobile jammer localization technique “JamCatcher” [194]; channel hopping, MIMO-based jamming mitigation techniques, MAC layer strategies like rate adaptation and power control mechanisms, and channel coding techniques like FHSS and DSSS [195] |
| | Amplification Attacks | Use of UDP protocols and spoofed IPs to overwhelm networks or exhaust resources. | MD5-hash-algorithm-based socket program for encryption and decryption of vital smart grid data [196]; Software-Defined Networking (SDN) environment and lightweight Tsallis-entropy-based protection methods [197] |
| Privacy | Sniffing Attacks | Intercepting communication lines to retrieve valuable data. | One-Time Password (OTP) and OTP-based authentication approaches [198] |
| | Eavesdropping Attacks | Passive interception to discover sensitive information. | Privacy-enhanced authentication technique for smart grid infrastructure [199]; low-power Wireless Sensor Network (WSN) attack detection and isolation approach [200] |
| | Homograph Attacks | Use of visually similar characters to deceive users into accessing malicious domains. | Domain fluxing using Domain Generation Algorithms (DGAs) [201]; cryptocurrency wallet with comprehensive on-chain solution for aliasing accounts and tokens [202]; blockchain-based methodology for threat detection [203]; enhanced cloud storage encryption standard [204] |
Table 16. Smart grid security attacks and countermeasures.
| Attack Type | Attack Class | Target: Hardware | Target: Software | Security Goals (Confidentiality, Integrity, Availability, Authentication, Authorization, Privacy) | Security Measures: Detection | Security Measures: Prevention |
| --- | --- | --- | --- | --- | --- | --- |
| False Data Injection | Modification | Yes | Yes | XX | Data-driven learning-based algorithm [173], reconfigurable Euclidean detectors [174], strategic honeypot game model [175] | Attention-aware deep reinforcement learning [176], pre-deployment Phase Measurement Units (PMUs) [177] |
| Spoofing | Interception | Yes | Yes | XX | Cross-layer detection mechanism [183] | Routing Protocol for Low Power and Lossy (RPL) Networks [182] |
| Sniffing | Interception | No | Yes | X | Intrusion Detection | Access Control, One-Time Password (OTP) [198] |
| Meter Manipulation and Theft | Tampering | Yes | Yes | | Robust data-driven detection [179] | CNN-based LSTM model [178] for detection and hardware-based tamper detection [205], secure firmware and boot mechanisms [206], real-time consumption monitoring [207], and audit trails and logging [208] for mitigation |
| Session Key Exposure | Interception/Manipulation | No | Yes | X | Access Control, Intrusion Detection | Lightweight conditional privacy-preserving authentication and the key-agreement protocol [184], certificate-based access control [185], secure demand response management authentication scheme [186] |
| Time Synchronization | Tampering | Yes | Yes | | Intrusion Detection, Time Stamps | Fast prekeying-based integrity protection [180], novel hardware-assisted authentication scheme [181] |
| DDoS | Overloading | No | Yes | XXXXX | Anomaly Detection, compromise propagation model [209], hybrid deep learning algorithm [210] | Privacy-preserving traffic signaling protocol [189], Functional Mock-up Interface (FMI)-compatible co-simulation platform [190] |
| TCP-SYN Flooding | Flooding | No | Yes | XXXXX | Protocol-dependent detection and classification system [191], machine learning (ML)-enabled TCP-SYN flood detection framework [192] | Lightweight and practical mitigation mechanism [193] |
| Jamming | Interruption | Yes | Yes | XXXXX | “JamCatcher” [194] | MIMO-based techniques, rate adaptation and power control mechanisms, FHSS, DSSS [195] |
| Eavesdropping | Impersonation | Yes | Yes | XXXX | Low-power Wireless Sensor Network (WSN) attack detection and isolation mechanism [200] | Privacy-enhanced authentication scheme [199] |
| Homograph | Deception | No | Yes | X | Blockchain-based methodology for threat detection [203] | Domain Generation Algorithms (DGAs) [201], enhanced cloud storage encryption standard [204] |
| Amplification | Disruption | No | Yes | XXXX | Software-Defined-Networking-based DDoS Protection System [197] | MIAMI-DIL [211], anomaly detection algorithm [211] |
| Sybil | Disruption | No | Yes | XXXX | Sybil attack detection scheme [188] | RPL-based IoT networks [187] |
Checkmarks show what key security goals are targeted, and the X shows what key security goals are missed.
Table 17. Summary of risk types.
| Category | Risk Type | Description |
| --- | --- | --- |
| Safety-based | Data Exposure | Exposure of collected and analyzed data without proper privacy and security measures, revealing sensitive information about energy consumption patterns, user behaviors, and unauthorized access. |
| | Information Transmission | Disruption, delay, or denial of data transmission between sensors, smart meters, and control systems, causing potential health and safety hazards. |
| | Communication Emission Levels | Concerns about electromagnetic radiation emitted by smart grid communication, requiring further testing to comply with safety standards. |
| | System Downtime | Prolonged downtime causing significant inconvenience, impacting critical infrastructure such as hospitals and emergency services. |
| | Infrastructure Damage | Physical damage to substations, transformers, control centers, transmission lines, and electric grids due to natural disasters, aging equipment, or terror attacks. |
| | QoS | Issues like voltage fluctuations, harmonic distortions, or voltage sags causing equipment damage or safety hazards. |
| | Legal and Regulatory Issues | Differing regulations between countries, with gaps in safety standards, data privacy, and accountability. |
| | Energy Theft and Fraud | Exploitation of data collection and billing mechanisms for energy theft and fraudulent activities, requiring robust security measures. |
| | Grid Congestion and Overload | Increased energy load causing operational inefficiencies and potential equipment failures. |
| Security-based | Smart Grid Technologies | Involvement of supply chains in development, deployment, and maintenance introduces risks like hardware tampering, software exploits, and service disruptions. |
| | Malware Hacks | Vulnerability to malware attacks (e.g., Stuxnet, BlackEnergy) disrupting smart grid operations as part of espionage or sabotage acts. |
| | Insiders | Insider threats exploiting privileged access to sensitive information and systems, leading to abuse, exploitation, and data extraction. |
| | Lack of Security Standards | Introduction of security vulnerabilities in the infrastructure, making risk assessment and mitigation difficult. |
| | Remote and Unauthorized Access | Cyberattacks gaining unauthorized access through social engineering and phishing, leading to data manipulation and theft. |
| | Authentication and Authorization Risks | Inadequate enforcement compromising communication networks and devices, allowing unauthorized access to the grid and sensitive information. |
| | Lack of Security Updates and Patch Management | Failure to apply updates and patches in a timely manner, leading to software exploitation, data breaches, and unauthorized access. |
Table 18. Smart grid risk management activities.
| Risk Management Activity | Description |
| --- | --- |
| Asset Identification | Involves identifying and keeping track of important assets interconnected to the smart grid infrastructure, including power generation facilities, transmission lines, substations, control systems, and communication networks. |
| Threat Identification | Involves locating and evaluating possible risks and dangers that could affect the smart grid, including cyber–physical attacks, natural disasters, equipment malfunctions, or human errors. |
| Vulnerability Assessment | Assesses vulnerabilities, weaknesses, and security gaps within the smart grid infrastructure, such as communication networks, access controls, software, and hardware components. |
| Risk Analysis | Involves identifying and analyzing threats and vulnerabilities to evaluate the risk level, considering the likelihood of an event and its potential impact on smart grid operations, availability, security, safety, and reliability. |
| Risk Evaluation | Prioritizes identified risks based on severity, likelihood, and impact to identify the most critical risks for mitigation with available resources. |
| Risk Mitigation | Involves deploying security and safety strategies to mitigate identified risks, applying technical controls, operational practices, and organizational measures such as cyber–physical security measures, contingency plans, incident response, training, policies, and procedures. |
| Constant Risk Monitoring | Monitors and reviews the effectiveness of risk mitigation measures to maintain risk levels within acceptable margins, identifies future potential risks, and recommends new mitigation plans involving utility operators, cybersecurity experts, and engineers for proper assessment and monitoring. |
Table 19. Risk evaluation steps in smart grids.
| Risk Evaluation Step | Description |
| --- | --- |
| Risks Identification | Compilation of identified risks from the risk assessment process, including cyber–physical threats, accidents (human errors, equipment failure), and natural disasters. |
| Likelihood Assessment | Evaluation of the probability of each risk’s occurrence based on historical data analysis, expert judgment (pen testing), and (cyber) threat intelligence. Qualitative or quantitative risk assessments are assigned accordingly. |
| Impact Assessment | Analysis of potential consequences following the risk’s impact on smart grid infrastructure, including operations, communications, availability, safety, security, privacy, reputation, customer feedback, and financial losses. Qualitative or quantitative ratings are assigned accordingly. |
| Risk Calculation and Prioritization | Calculation of the severity level of each risk by combining its likelihood and impact to determine its significance. Prioritization is based on quantitative mathematical formulas or qualitative information analysis. |
| Decision-Making | Adoption of risk treatment strategies based on prioritization, determining if each risk should be accepted, avoided, or mitigated using appropriate security and safety measures in a cost-effective, robust, and feasible manner. |
| Risk Documentation | Documentation of results, including risks’ severity, occurrences, impacts, and risk treatment decisions based on lessons learned. |
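The evaluation steps in Table 19 can be carried through on a few rows of Table 21. The Python below is an added example, not code from the paper: the safety/security/privacy ratings are taken from Table 21, while the likelihood ratings, control-effectiveness values, numeric scale, and both thresholds are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Ordinal scale for the qualitative ratings that appear in Table 21
# (the numeric values are an assumption of this example).
SCALE = {"Low": 1, "Moderate": 2, "High": 3, "Very High": 4}

# Assumed thresholds, not from the paper.
RISK_APPETITE = 4.0       # inherent severity below this is accepted
RESIDUAL_TOLERANCE = 6.0  # severity left after controls must not exceed this


def rating_to_score(rating: str) -> float:
    """Convert 'High' or a compound such as 'Moderate/High' to a number.

    Compound ratings are scored as the mean of their parts (assumption).
    """
    parts = [p.strip() for p in rating.split("/")]
    if any(p not in SCALE for p in parts):
        raise ValueError(f"unknown rating: {rating!r}")
    return sum(SCALE[p] for p in parts) / len(parts)


@dataclass(frozen=True)
class Risk:
    name: str
    safety: str                   # rating from Table 21
    security: str                 # rating from Table 21
    privacy: str                  # rating from Table 21
    likelihood: str               # constructed for this example
    control_effectiveness: float  # constructed: share of severity removed

    def __post_init__(self):
        if not 0.0 <= self.control_effectiveness <= 1.0:
            raise ValueError("control_effectiveness must be within [0, 1]")

    def impact(self) -> float:
        # Impact assessment: the worst-rated dimension drives the impact.
        return max(rating_to_score(r)
                   for r in (self.safety, self.security, self.privacy))

    def inherent(self) -> float:
        # Risk calculation: likelihood combined with impact.
        return rating_to_score(self.likelihood) * self.impact()

    def residual(self) -> float:
        # Severity that remains once the available controls are applied.
        return self.inherent() * (1.0 - self.control_effectiveness)

    def decision(self) -> str:
        # Decision-making: accept, mitigate, or avoid.
        if self.inherent() < RISK_APPETITE:
            return "accept"
        if self.residual() <= RESIDUAL_TOLERANCE:
            return "mitigate"
        # Controls cannot bring the risk within tolerance, so the exposed
        # activity itself has to change (for example, a different channel).
        return "avoid"


def evaluate(risks):
    """Prioritize risks and return the documented register, highest first."""
    ranked = sorted(risks,
                    key=lambda r: (-r.inherent(), -r.residual(), r.name))
    return [{"name": r.name,
             "impact": r.impact(),
             "inherent": r.inherent(),
             "residual": round(r.residual(), 2),
             "decision": r.decision()} for r in ranked]


# Ratings from Table 21; likelihood and control values are constructed.
SAMPLE_RISKS = [
    Risk("Sniffing", "Low", "Moderate", "High", "Moderate", 0.5),
    Risk("Jamming", "Moderate/High", "High/Very High", "Low", "Moderate", 0.1),
    Risk("TCP-SYN Flooding", "Low/Moderate", "High", "Low", "Low", 0.5),
    Risk("DDoS", "Moderate/High", "Very High", "Moderate", "High", 0.5),
    Risk("Phishing", "Low", "High", "Moderate", "Very High", 0.6),
]

if __name__ == "__main__":
    for entry in evaluate(SAMPLE_RISKS):
        print(entry)
```

With these assumed inputs, jamming ends up as "avoid" because its constructed control effectiveness is too low to bring the residual severity within tolerance, even though DDoS and phishing have higher inherent scores.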
Table 20. Risk mitigation measures.
| Risk Mitigation Measure | Description |
| --- | --- |
| Security Measures | Involving both physical and cyber-security measures, such as access control systems, firewalls, intrusion detection/prevention systems, advanced encryption, honeypots, multi-factor authentication, anti-virus software, tamper-resistant devices, backup servers, advanced surveillance, and access privileges to safeguard vital smart grid infrastructure against physical and cyberattacks and to monitor for unusual or suspicious activity in system operations and network traffic. |
| Constant Updates | Regularly updating batch and patch software and firmware to address known and newly discovered vulnerabilities. This can be done by relying on ethical hacking and penetration testing to identify vulnerabilities and discover exploitable security gaps. |
| Securing Critical Components | Including substations, control centers, and data centers with physical barriers, barbed (electrical) fences/wires, intrusion detection and alarm systems, movement detection sensors, surveillance systems, access control mechanisms, and security personnel. This includes simulation scenarios to maintain ongoing regular inspection and maintenance of physical infrastructure to identify and address newly discovered vulnerabilities. |
| Advising Contingency Plans | As part of emergency and incident response plans, based on well defined and integrated procedures to address sudden and abrupt disruptions and interruptions of services. This includes constant testing and defining new methods and maps to follow and adopt to maintain a high level of readiness. |
| Regular Personnel Training | Educating staff on the best security practices depending on their working domain within the smart grid, including security personnel, engineers, stakeholders, and operators. This includes incident response and awareness of potential risks. |
| Security and Safety By Design | Designing robust and redundant fail-safe smart-grid mechanisms to reduce the likelihood and impact of equipment failures. This is achieved by implementing advanced grid management technologies to maintain real-time monitoring and control to promptly detect and respond to incidents, enhance system resilience, and mitigate the impact of power outages. |
| Maintaining Constant Collaboration | Between industry peers, government agencies, intelligence agencies, military (i.e., UN and NATO), and cybersecurity organizations for information sharing and (cyber) threat intelligence sharing on new dangers, threats, weaknesses, and obstacles, as well as identifying the best security/safety practices, frameworks, and guidelines to enforce regulatory compliance. |
| Constant Evaluation and Assessment | Of risk mitigation measures to adapt to evolving threats to maintain effective mitigation strategies and best practices, including continuous monitoring, incident response planning, and proactive threat intelligence analysis to maintain robust smart grid security and safety. |
Table 21. Smart grid security risk mitigation.
| Attack Type | Attack Classification | Risk: Safety | Risk: Security | Risk: Privacy | Target (User, Software, Hardware, Communication) | Mitigation: Security Measures |
| --- | --- | --- | --- | --- | --- | --- |
| Social Engineering | Exploit | Moderate/High | Moderate | Moderate | XXX | Awareness training, non-disclosure agreement, accountability |
| Phishing | Malware | Low | High | Moderate | X | Awareness training, email security, anti-virus |
| Trojan/Worm | Malware | High | High | High | XX | Anti-malware, anomaly detection, firewalls, constant updates |
| Botnet | Malware | Moderate | High | High | X | Anti-malware, intrusion detection, network monitoring, constant updates |
| False Data Injection | Interception | Low | Moderate/High | High | XXX | ML-based detection, encryption, secure channels |
| Spoofing | Interception | Low | High | High | XX | ML-based multi-layer detection, encryption, secure channels |
| Sniffing | Interception | Low | Moderate | High | XXX | Access control, OTP, multi-factor authentication |
| Meter Manipulation and Theft | Forensics | Moderate/High | High | Moderate/High | XX | ML-based detection, anti-tampering, intrusion-detection, access controls |
| Session Key Exposure | Interception | Low | High | Moderate/High | XX | Certification-based access controls, privacy-preserving, key agreement, multi-factor authentication |
| Time Synchronization | Insertion | Low | Moderate/High | Moderate | XX | Fast prekey-based integrity protection, hardware-assisted authentication |
| DDoS | Disruption | Moderate/High | Very High | Moderate | XX | Privacy-preserving traffic signaling protocol, DDoS detection, anonymity, forward key secrecy |
| TCP-SYN Flooding | Disruption | Low/Moderate | High | Low | XXX | Protocol-dependent detection and classification, ML-based detection, lightweight encryption/authentication |
| Jamming | Disruption | Moderate/High | High/Very High | Low | XX | MIMO, channel coding, FHSS, DSSS |
| Eavesdropping | | Low | High | High | XXX | WSN detection and isolation, privacy-enhanced authentication |
| Homograph | Deception | Moderate | High | High | X | DGA, access control, awareness training, cloud storage encryption |
| Amplification | Disruption | Low/Moderate | High | Moderate/High | XX | Anomaly detection, DDoS detection, lightweight encryption |
| Sybil | Disruption | Moderate/High | High | Low | XXX | ML-based solutions, DDoS detection, Sybil attack detection |
Checkmarks show what key security goals are targeted, and the X shows what key security goals are missed.
Table 22. Mapping of smart grid risks to appropriate security solutions.
| Risk/Vulnerability | Impact Area | Suggested Security Solution |
| --- | --- | --- |
| False Data Injection (FDI) | Data integrity, system reliability | Machine-learning-based anomaly detection, cryptographic message authentication, PMU redundancy |
| Insider Threats | Authentication, access control | Role-based access control (RBAC), behavior-based monitoring, forensic auditing |
| Communication Failures | Availability, service continuity | Redundant communication channels, mesh networking, fault-tolerant protocols |
| Zero-Day Vulnerabilities | Entire infrastructure | Threat intelligence feeds, regular patching, AI/LLM-based zero-day detection |
| Weak Authentication | Access control, data exposure | Multi-factor authentication, certificate-based identity verification |
| Physical Security Breaches | Hardware integrity, public safety | Perimeter intrusion detection, surveillance systems, tamper-evident hardware |
| Equipment Failures | Grid stability, public safety | Predictive maintenance using ML, hardware redundancy, safety compliance protocols |
Table 23. Smart grid cryptographic protocols and security solutions.
| Year | Ref. | Type | Description | Characteristics | Advantages | Drawbacks | Limitations | Challenges | Improvements |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 2018 | [226] | ECC-based Authentication | Lightweight ECC-based authentication scheme between substations and control center | Provides mutual authentication, low computational/communication costs | Defends against known attacks, suitable for resource-limited environments | Not blockchain-enabled, lacks post-quantum security | Not tested in dynamic environments or large-scale systems | Handling latency in real-time updates | Could benefit from integration with fog/blockchain layers |
| 2021 | [227] | ECC Mutual Authentication | ECC-based mutual authentication for robust smart grid security in delay-sensitive communication | Lightweight, scalable, ECC-based | Robust against known attacks, energy efficient | ECC still computational for ultra-constrained devices | Lack of privacy-preserving features | Ensuring low-latency in complex networks | Could incorporate privacy-preserving techniques like FHE |
| 2019 | [228] | TACIT Encryption | Message encryption using TACIT hardware chip in grid distribution | Time-authenticated cryptographic identity chip | Hardware-embedded, efficient for real-time use | Focused on message encryption only | Limited to hardware-level, not flexible for software update | Integration across legacy systems | Expand to support multiple encryption schemes |
| 2021 | [229] | TACIT and FPGA Security | Enhanced TACIT using embedded systems and FPGA for nuclear/grid data | High-speed, embedded, FPGA-integrated | End-to-end encryption, real-time processing | Hardware dependence | Limited scalability for non-FPGA systems | Firmware patching and compatibility | Hybrid software–hardware models for adaptability |
| 2021 | [230] | ECC Validation | ECC-based validation and data protection using ProVerif and BAN logic | Formal verification, ECC, lightweight | Strong formal proofs, efficient communication | Limited quantum resistance | Limited to validation without encryption layer | Addressing insider threats | Combine with secure key distribution systems |
| 2022 | [231] | AES S-box for SCADA | AES-based S-box to secure SCADA in smart grids | Lightweight chip-based AES | Efficient chip integration, SCADA protection | Focused on substitution layer only | Not holistic security coverage | Ensuring chip integrity in long-term use | Multi-layer security integration with IDS |
| 2023 | [232] | AES Chip | AES cryptographic chip simulated on Xilinx for grid data | Hardware-optimized AES | Efficient encryption/decryption, real-time performance | Chip-only implementation | Does not cover key management or authentication | Secure firmware lifecycle | Integrate key rotation protocols |
| 2023 | [233] | Fog-based Session Key Protocol | Anonymous session key agreement via fog computing | Specialized middle layer, dynamic session keys | Improved security and anonymity | Privacy trade-offs with session linkability | Scalability in ultra-dense deployments | Dynamic node handling | Merge with FL and blockchain for flexibility |
| 2023 | [234] | Lightweight Authentication Protocol | Lightweight Authentication using Esch256 and authenticated encryption | Hash-based, energy efficient, fast | Low-resource usage, high protection | Dependent on hash function strength | Needs full evaluation in wide networks | Resistance to side-channel attacks | Expand to hybrid crypto-auth models |
| 2023 | [235] | Secure Data Aggregation | Efficient data aggregation system to distinguish benign vs. malicious users | Privacy-aware, optimized crypto-overhead | Smart classification, efficient aggregation | Sensitive to data poisoning | Dependence on pre-learned thresholds | Adapting to evolving attacker behavior | Reinforcement-learning-enhanced detection models |
| 2023 | [236] | Lightweight Mutual Authentication | Mutual authentication for smart meters | Lightweight, surveillance-focused | Secure against known threats | May lack resilience to future attacks | No mention of integration with external APIs | Scaling to massive smart meter deployments | Integration with FL and anomaly detection models |
Table 24. Smart grid blockchain approaches and security solutions.
| Year | Authors | Type | Description | Characteristics | Advantages | Drawbacks | Limitations | Challenges | Improvements |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 2021 | Wang et al. [237] | Authentication Protocol and Blockchain | Combines ECC, Join-and-Exit mechanism, batch verification with blockchain to secure real-time power transmissions | Real-time security, blockchain-based, cryptographic protocol | Enhanced performance and security against DDoS | Complex integration of multiple cryptographic tools | Scalability concerns with large-scale smart grid environments | Ensuring low-latency in real-time applications | Combine lightweight cryptography for constrained devices |
| 2023 | Liu et al. [238] | Aggregation Scheme | Certificate-less public key cryptography for multi-dimensional data aggregation using Paillier encryption within fog computing | Paillier homomorphic encryption, fog-based architecture | Reduces computational load on smart meters, improves data privacy | Complex implementation, dependency on fog infrastructure | Certificate-less schemes may still require PKG trust assumptions | Secure key management and aggregation in dynamic environments | Introduce adaptive trust models for user key exchange |
| 2023 | Sani et al. [239] | Blockchain Model | SDAG model providing energy node visibility without involving energy operators using registration and data-aware protocols | Cryptographic identity assignment, session key-based awareness | Improves visibility, supports decentralized control | Protocol overhead may increase with node numbers | Limited real-world deployment validation | Balancing privacy with operational transparency | Leverage lightweight encryption for constrained nodes |
| 2023 | Oberko et al. [240] | Access Control Design | Ethereum-based design ensuring traceability and revocability, secured by Decisional Bilinear Diffie–Hellman theory | Smart contracts, public key generation, secure decryption | High security, traceability, reduced overhead | Requires Ethereum infrastructure and understanding of smart contracts | Energy-intensive operations on Ethereum blockchain | Maintaining performance in high-throughput scenarios | Optimize contract execution costs |
| 2023 | Bitirgen et al. [241] | Attack Detection Mode | CNN-LSTM model optimized with PSO to detect false data injection attacks in smart grids | Hybrid deep learning, particle swarm optimization | High accuracy, effective against FDI attacks | May require high training time and compute resources | Model generalizability across varying grid architectures | Adaptation to different smart grid configurations | Integrate online learning for real-time adaptation |
Table 27. Smart grid honeypot solutions and security approaches.
| Year | Ref. | Type | Description | Characteristics | Advantages | Drawbacks | Limitations | Challenges | Improvements |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 2022 | [267] | DL/Anomaly Detection | LSTM RNN-based model for log-based anomaly detection using partial feature contribution | Deep learning, weak label support, LSTM architecture | High accuracy (99.8%) with only 25% features used | Requires tuning and training effort | Model generalizability across domains not proven | Device resource limitations | Lighter architectures or edge deployment optimization |
| 2022 | [268] | Honeypot | GridPot honeypot deployed and threat data mapped to MITRE ATT&CK for ICS | ICS-based honeypot, threat mapping | Grounded real-world attack behavior analysis | Honeypot visibility may limit attack variety | Limited coverage without large-scale deployment | Keeping mapping updated with latest tactics | Distributed deployment with diverse device profiles |
| 2022 | [269] | Honeypot | Low-interaction honeypots deployed in AWS to observe ICS compromise trends | Cloud-based honeypot with regional diversity | Scalable deployment, multi-region observations | Low interaction may miss advanced attacker behavior | Limited protocol emulation | Balancing fidelity and cost | Hybrid honeypots with partial interaction |
| 2022 | [270] | Honeypot | Decentralized honeypot using Android over cellular networks for IoT protocol emulation | Mobile-based, decentralized, IoT focus | Covers IoT-specific threats in mobile environments | Device-level attack emulation only | Realism depends on network fidelity | Scalability in public attack monitoring | Federated attack analysis sharing |
| 2023 | [271] | FL/Honeypot | Privacy-preserving FL with honeypot log sharing incentives and two-step verification | Federated learning, incentive mechanism | Secure model training and log verification | Complex coordination and reward validation | Depends on supplier participation | Scalability and verification trust | Dynamic reward schemes and lightweight models |
| 2023 | [272] | Honeypot | HoneyTrack lightweight honeypot deployed in Azure cloud for tracking attack origin | Lightweight, quick deployment | Fast setup and actionable output | Focus on initial attack phases | Limited scope without deeper inspection tools | Maintaining consistent monitoring | Integration with SIEM or XDR tools |
| 2023 | [273] | DAG/Blockchain | DAG blockchain for IoT authentication in 5G networks using Access Points | Quality of Service enhancement, decentralized trust | Improved performance and security metrics | Requires AP coordination | Depends on DAG protocol maturity | Integration with legacy networks | Backward-compatible protocol extensions |
Table 28. Smart grid forensic solutions and security approaches.

| Year | Ref. | Type | Description | Characteristics | Advantages | Drawbacks | Limitations | Challenges | Improvements |
|---|---|---|---|---|---|---|---|---|---|
| 2020 | [276] | Forensics | Smart Grid Digital Forensics Investigation Framework supporting incidents like Stuxnet | Incident-based, forensic phase modeling | Tailored for smart grid cyber incidents | Scenario-based, may not generalize broadly | Complexity in full framework deployment | Adapting phases to dynamic attack surfaces | Automation and modular integration |
| 2020 | [277] | Forensics | Overview of CPS forensics and its approaches | High-level survey and conceptual frameworks | Lays foundation for CPS-specific investigations | Lacks implementation depth | Primarily theoretical | Bridging theory and practical deployment | Prototype development and testbeds |
| 2017 | [278] | Forensics | Statistical trust model for AMI data falsification detection | Trust modeling, probabilistic detection | High detection accuracy; modeled taxonomy | Requires statistical tuning | AMI-focused, less generalizable | Expanding to full grid monitoring | Broader smart grid adaptation |
| 2019 | [279] | Forensics | SDN-based forensic monitoring with NBA, DL, and DPI integration | Network-level defense, layered intelligence | Multi-modal security with forensic capabilities | Conceptual, lacks deployment results | Theory to practice gap | Real-world testbed and validation | End-to-end implementation |
| 2019 | [281] | Forensics | ISO/IEC 27043-based holistic framework with proactive, incident, and reactive phases | Standards-based, application-agnostic | Eliminates fragmented ad hoc approaches | May require customization for different domains | Initial setup complexity | Wide-scale smart grid adaptation | Domain-specific extensions |
| 2019 | [282] | Forensics | Logging framework ensuring forensic data legality using OSCAR and UK NCSC guidance | Legality-focused, structured logging | Supports court-admissible evidence | Log-centric, limited on real-time detection | Dependent on compliance tools | Ensuring traceability and integrity | Real-time log analysis integration |
| 2020 | [283] | Forensics | SPEAR framework enhancing awareness, attack detection, and evidence collection | Comprehensive situational awareness, privacy | Tailored for smart grid, enables secure sharing | System-wide coordination required | Early development stage | Full lifecycle validation | Operational deployment feedback loops |
| 2021 | [284] | Forensics | Hybrid blockchain-based forensic logging with access control and tamper resistance | Blockchain logs, encrypted access policies | Non-repudiation and log immutability | Blockchain maintenance overhead | Scalability in high-frequency logs | Balancing privacy and auditability | Adaptive block validation rates |
| 2021 | [285] | Forensics | Procedure for forensic investigation of DDoS and FDI attacks, ensuring legal admissibility | Legal compliance, integrity preservation | Court-admissible process workflow | Attack-specific scope | Reactive by design | Generalizing across threat models | Integrate real-time detection triggers |

Table 29. Smart grid ethical hacking solutions and security approaches.

| Year | Ref. | Type | Description | Characteristics | Advantages | Drawbacks | Limitations | Challenges | Improvements |
|---|---|---|---|---|---|---|---|---|---|
| 2021 | [286] | Ethical Hacking | Framework with tools and scenarios for ethical hacking, including IoT use cases and red/blue team methodology | Penetration testing, role simulation, authorization emphasis | Realistic simulation of attacks and defenses; skill development | Requires high ethical and legal oversight | Not widely adopted in utility sectors | Formalizing and legalizing red/blue testing in smart grid contexts | Policy-driven frameworks and certification schemes |
| 2013 | [288] | Ethical Hacking | Security quantification and formal methods for AMI protocol with tool creation and testing | Formal verification, protocol analysis, tool design | Structured methodology for protocol testing | Protocol-specific adaptation | Focused only on AMI | Broader applicability to varied smart grid components | Extension to additional grid subsystems |
| 2016 | [289] | Ethical Hacking | Firmware and SCADA security testing for early vulnerability detection in IEDs | Stack-level analysis, proactive diagnostics | Early detection of firmware-level vulnerabilities | Limited to IEDs and SCADA | Firmware diversity hampers scalability | Maintaining up-to-date threat models | Integration with continuous firmware monitoring |
| 2019 | [290] | Ethical Hacking | Design of ISAAC testbed for smart grid cybersecurity with ML-based components | Testbed-based, CPS-oriented, machine learning ready | Comprehensive functional testbed for smart grid | High cost and complexity | Limited real-world deployment | Scalability and real-time simulation | Cloud-based testbed replication |
| 2019 | [291] | Ethical Hacking | Hardware intelligence gathering and hacking on grid equipment with hardening strategies | Hardware-level threat assessment and defense | Improves resilience at the physical layer | Requires physical access | Focused on specific hardware | Remote detection of hardware tampering | Remote attestation techniques |
| 2021 | [292] | Ethical Hacking | Integrated smart inverter testing platform to increase test efficiency and reduce manual errors | Platform-based automation, inverter-centric | Boosts test coverage and accuracy | Inverter-specific utility | Niche scope within grid testing | Platform extensibility for wider use | Modular plug-in design |
| 2023 | [293] | Ethical Hacking | Penetration testing on 22 connected home devices with discovery of multiple CVEs | Systematic vulnerability analysis, CVE disclosure | Comprehensive vulnerability identification | Home-focused, not grid-specific | Relevance to utility-grade devices | Translation of home findings to grid domain | Smart grid-specific device testing protocols |

Table 30. Security challenges and mitigation strategies in OT-based smart grid environments.

| Aspect | Challenge Description | Impact in OT/Smart Grid | Mitigation Strategy |
|---|---|---|---|
| Legacy Device Integration | Many legacy systems lack support for modern cryptographic techniques or remote update capabilities | Increased vulnerability due to inability to patch or apply modern security standards | Use of protocol wrappers, secure gateways, and segmentation of legacy devices from critical systems |
| Human Element | Human error, lack of training, and social engineering attacks remain a common attack vector | Misconfigurations, phishing, or physical access compromises leading to potential system failures | Implement ongoing cybersecurity training, role-based access control, and insider threat monitoring programs |
| Penetration Testing Risks | Traditional penetration testing can cause system crashes in fragile OT systems | Unexpected service disruptions, equipment failures, and operational/financial losses | Perform security assessments in testbeds, use digital twins or simulations instead of live system testing |
| System Resilience | OT systems are not built for resilience against aggressive scans or tests | Even minor testing can lead to outages or degraded performance | Adopt non-intrusive monitoring tools, anomaly detection, and passive scanning |
| Operational Sensitivity | Downtime in OT systems, even brief, can lead to cascading failures or significant financial loss | Grid instability, energy distribution disruption, or failure to meet SLA requirements | Plan maintenance windows, leverage redundancy, and test recovery processes during simulations |

Table 31. GANs and LLMs in smart grid security.

| Year | Ref. | Type | Description | Characteristics | Advantages | Drawbacks | Limitations | Challenges | Improvements |
|---|---|---|---|---|---|---|---|---|---|
| 2018 | [294] | GAN | Synthetic dataset generation using deep GANs based on real conditional probability distributions | Data-driven learning, conditional sampling | Boosts small dataset size, indistinguishable from real data in task performance | May replicate data biases | Dependent on quality/diversity of original dataset | Preventing misuse for adversarial attacks | Bias filtering and adversarial misuse prevention layers |
| 2022 | [295] | GAN | Synthetic data generation, energy-conserving, fine-grained control | Synthetic data generation, energy-conserving, fine-grained control | Preserves privacy in smart meter data without major data loss | Potential loss of minor data details | Limited to time series data scenarios | Maintaining realism in generated data | Improved calibration to match real-world power fluctuation profiles |
| 2023 | [296] | GAN | Encrypted data embedded into images using GAN to enhance confidentiality | Encryption and steganography using GANs | Dual-layer security (encryption and hiding) | Higher computational complexity | Image-based cover requirement | Balancing data fidelity and concealment | Lightweight encryption algorithms to reduce overhead |
| 2023 | [297] | GAN | Explores GANs for load forecasting, outage prediction, and preventive maintenance | Supports proactive grid operations | Predictive modeling using generative learning | Needs large historical datasets | Dependent on data variety and quality | Training stability and convergence | Hybrid GAN models with statistical smoothing |
| 2024 | [298] | GAN/Zero-Trust | Zero-trust PGSC framework using GANs with tail-risk metrics to detect GenAI-driven attacks | GenAI attack simulation and detection, tail-risk scoring | 95.7% detection accuracy, 99% defence confidence | May be overfitted to specific attack types | Requires continuous model updates | Maintaining adaptability to new threats | Online learning enhancements and dynamic model retraining |
| 2023 | [299] | LLM | AI and analytics framework for automating software development in smart grids | AI-generated solutions, business integration | Faster development, monetization potential | Reliance on pretrained general-purpose models | Software code generality and domain fit | Domain-specific language understanding | Custom fine-tuning on smart grid datasets |
| 2023 | [300] | LLM | Cybersecurity anomaly detection in substations using LLMs and HITL training | IEC 61850, HITL, HIL testbed | Robust detection via LLM-HITL synergy | High setup complexity and training cost | Dependent on annotated datasets | Real-time inference speed | Edge-optimized LLM variants |
| 2024 | [301] | LLM | Introduces Sasha: LLM-based smart home automation assistant for user-driven routines | Conversational automation, user intent parsing | Flexible and intuitive control | Ambiguity in loosely defined commands | Context retention and behaviour prediction | Natural language variability | Context-aware memory models |
| 2024 | [302] | LLM | Explores LLMs’ role in energy sector ops and research directions | Evaluation of capabilities and safety-critical use cases | Insightful operational recommendations | High compute resource requirements | Generalization to energy-specific queries | System integration and trust | Power-domain tool embedding |
| 2024 | [303] | LLM | Analyzes potential LLM security risks in power systems | Threat assessment and countermeasure proposals | Proactive defense framework | Preemptive focus may miss emerging attacks | Uncertainty in threat modeling | Rapid evolution of LLM-based exploits | Real-time red-teaming and adaptive defences |

Table 32. Advantages and limitations of LLMs for smart grid security.
Aspect | Advantages | Limitations

Threat Detection and Analysis
  Advantages:
  • Analyze vast amounts of data to identify potential threats and anomalies.
  • Process security reports, threat intelligence feeds, and text-based data.
  Limitations:
  • Resource-Intensive: Requires significant computational resources for training and deployment.
  • Hard Interpreting: Interpreting and validating results can be challenging.
  • Maintenance: Needs regular updates and maintenance.
  • False Positives/Negatives: Risk of incorrect detection, which can undermine effectiveness.
  • Large Dataset: Training requires large datasets that may include sensitive information.
  • Bias and Accuracy: Can inherit biases from training data.
  • Data Breaches: Improperly secured data can be targeted by attackers.
  • Misuse Potential: Can be used to generate harmful content like deepfakes.
  • Ethical Considerations: Ensuring fairness and preventing misuse.
  • Black Box Nature: Lack of transparency in decision-making processes.
  • Interpretability: Decision-making processes are not easily interpretable.
  • Accountability: Challenges in regulated industries where understanding decision processes is crucial.
Incident Response
  Advantages:
  • Automated Responses: Generate responses to detected threats, reducing response times and selecting optimal decisions.
  • Incident Triage: Assist in prioritizing incidents based on severity and potential impact.
Vulnerability Management
  Advantages:
  • Predictive Analysis: Predict potential vulnerabilities and exploit trends.
  • Patch Management: Recommend patches and updates.
Security Automation
  Advantages:
  • Automate repetitive security tasks.
  • Develop and update incident response playbooks.
User Training and Awareness
  Advantages:
  • Phishing Detection: Create realistic phishing simulations.
  • Educational Content: Generate training materials and FAQs.
Data Privacy and Compliance
  Advantages:
  • Policy Analysis: Ensure adherence to data privacy regulations.
  • Automated Reporting: Generate compliance reports.

Table 33. Comparative overview of GAN and LLM applications in smart grid security.

| Aspect | GANs (Generative Adversarial Networks) | LLMs |
|---|---|---|
| Primary Use Cases | Synthetic attack data generation, anomaly simulation, and data augmentation for IDS | Threat log analysis, automated incident response, and policy summarization and retrieval |
| Advantages | Helps train models with limited real attack data, reveals blind spots via adversarial testing | Learns from diverse, unstructured data, enables real-time, context-aware decision support |
| Model Input | Numerical/time-series telemetry, and network traffic data | Text-based logs, configuration files, and incident documentation |
| Challenges | Requires stable training, risk of generating unrealistic or biased samples, and needs task-specific adaptation (e.g., TimeGAN) | High inference cost, risk of hallucinations, and needs domain adaptation and prompt tuning |
| Deployment Consideration Tables | Typically used offline for training IDS or simulators | Needs lightweight variants for edge/real-time use (e.g., quantized or distilled models) |
| Potential Integration | Enhancing IDS through adversarial robustness testing | Assisting operators in decision-making and reporting tasks |

Table 34. Layer-based threat-defense mapping.

| Smart Grid Layer | Primary Threats | Defensive Mechanisms |
|---|---|---|
| Perception | Physical tampering, sensor spoofing, FDIAs | Tamper-resistant hardware, ML-based anomaly detection, hardware encryption |
| Network | DoS/DDoS, eavesdropping, jamming | SDN-based intrusion detection, traffic shaping, redundant topologies |
| Control | Malware, command injection, timing attacks | Patch management, real-time behavioral analysis, integrity monitoring |
| Application | Data breaches, unauthorized access, phishing | Role-based access control (RBAC), Two-Factor Authentication (2FA), LLM-based anomaly detection |
| Management | Insider threats, misconfigurations, policy bypass | Zero-trust architecture, continuous auditing, behavioral biometrics |

Table 35. Summary of counter-terrorism benefits.

| Objective | MLTDAF Benefit |
|---|---|
| Prevent terrorist access | Layered defense, strong authentication |
| Detect covert operations | Behavioral monitoring, ML-driven detection |
| Protect against hybrid attacks | Combined physical–cyber safeguards |
| Enhance response to attacks | Layer-specific contingency and incident plans |
| Guide strategic infrastructure policy | Prioritization of critical components and investments |

Table 36. Comparative analysis: MLTDAF framework vs. traditional SIEM.

| Feature | Proposed MLTDAF Framework | Traditional SIEM |
|---|---|---|
| Scope | Unified IT–OT–DER coverage, suitable for smart grid environments | Primarily IT-focused, limited OT visibility |
| Detection Approach | ML-based dynamic anomaly detection with adaptive learning | Signature-based or rule-driven, less adaptive |
| Real-Time Response | Yes, by including automated alert classification and tiered prioritization | Often delayed, depends on manual analyst triage |
| Mapping to SGAM | Designed to align across all layers: Component, Communication, Information, Function, and Business | Usually focused on Information and Function layers only |
| Scalability | Architected to scale across distributed grid nodes and edge devices | Centralized processing may bottleneck in large-scale grid setups |
| Domain Coverage | High: Includes DERs, legacy systems, IoT edge, smart meters | Low to moderate; lacks embedded support for DERs or grid-specific assets |
| Privacy-Awareness | Supports pseudonymization and local anomaly processing before cloud transfer | Rarely considers privacy, centralized logging risks data exposure |
| Latency Tolerance | Low latency design with support for edge and fog computing nodes | Higher latency due to batch processing and central correlation |
| Human-In-The-Loop | SOC operators, OT engineers, and AI co-pilots in loop with adjustable oversight | Analysts play a reactive role; no domain-specific operational feedback loop |
| Resilience to Legacy Devices | Incorporates wrappers and proxies for devices lacking native security support | Legacy device integration rarely addressed |

Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

MDPI and ACS Style

Yaacoub, J.P.A.; Noura, H.N.; Salman, O.; Chahine, K. Toward Secure Smart Grid Systems: Risks, Threats, Challenges, and Future Directions. Future Internet 2025, 17, 318. https://doi.org/10.3390/fi17070318