Adaptive Cyber Defense for Renewable Energy Systems Using Digital Forensics and Fuzzy Multi-Criteria Analysis

Abstract

As digital technology becomes increasingly integral to modern industries, the risks posed by cyber threats, including malware, ransomware, and insider attacks, continue to rise, jeopardizing critical infrastructure including renewable energy system. The world is more vulnerable to sophisticated cyberattacks due to its reliance on smart grids and IoT-enabled renewable energy systems. Without specialized digital forensic frameworks, incident response and critical infrastructure resilience are limited. This research examines the pivotal role of digital forensics in defending renewable energy system against the growing wave of cyber threats. The study highlights the significance of digital forensics in enhancing incident response, evidence collection, and forensic analysis capabilities. Through detailed case studies, it investigates the implementation strategies of digital forensics to identify, track, and mitigate cyber risks. To address this objective, this study proposes a comprehensive and adaptive cybersecurity framework that integrates digital forensics and fuzzy multi-criteria decision-making to enhance cyber resilience in renewable energy systems. Drawing on relevant case studies, the research demonstrates how the integration of digital forensics with fuzzy logic supports dynamic threat evaluation and risk mitigation. Comparative analysis show that the proposed framework outperforms traditional methods in terms of detection accuracy, response time, and adaptability to evolving threat landscapes. Key contributions include: (1) a structured digital forensics-based cybersecurity model tailored to renewable energy systems, (2) application of fuzzy Analytical Hierarchy Process (AHP) for multi-criteria threat evaluation, and (3) policy-oriented recommendations for stakeholders to reinforce national cyber resilience in line with energy transition. The findings underscore the need for a cohesive cybersecurity strategy grounded in advanced decision-support systems to protect the future of sustainable energy.

1. Introduction

The unprecedented integration of digital technologies into critical infrastructure has ushered in a new era of efficiency and innovation. Nowhere is this more evident than in the renewable energy and power system, where advancements in digitalization have revolutionized the production, distribution, and management of renewable energy resources [1]. As reliance on interconnected systems and infrastructure grows, so too does the need to address the escalating threats posed by cybercriminals seeking to exploit vulnerabilities in the digital landscape. This research article explores the pivotal role and profound importance of digital forensics in safeguarding the renewable energy system [2].

Renewable energy system’s embrace of digitalization has undeniably elevated operational capabilities, promoting sustainability, reliability, and adaptability [3,4,5,6]. The integration of technologies such as the Internet of Things (IoT), intelligent sensors, and advanced control systems has enabled real-time monitoring, predictive analytics, and optimized resource allocation through renewable energy infrastructure and systems [5,6]. However, this digital transformation has simultaneously opened new avenues for malicious actors to target critical infrastructure, posing significant risks to the uninterrupted delivery of renewable energy services.

The interconnected nature of renewable energy systems, while fostering efficiency, has created a complex web of vulnerabilities that demand a proactive and comprehensive approach to cybersecurity [2,7]. Threats such as malware, ransomware, and insider attacks loom as potential disruptors, capable of compromising the integrity and availability of essential renewable energy infrastructure [8]. Recognizing the gravity of these challenges, the focus of this research article is to shed light on the indispensable role played by digital forensics in fortifying the renewable energy system against cyber threats.

The global cyber security in energy market is projected to reach $15.8 billion by 2028, showing a robust compound annual growth rate (CAGR) of 10.8% [9]. This growth is driven by the adoption of cybersecurity measures across operational and information technology systems, encompassing preventive and reactive strategies against cyber threats. Key factors include the digitization of renewable energy services, technological advancements like artificial intelligence and automation, and the heightened demand for cybersecurity solutions due to the COVID-19 pandemic [6,7].

The escalating threat landscape, highlighted by incidents like the Russo-Ukrainian conflict, underscores the vulnerability of nuclear energy firms [2,3,4]. Russian APT groups targeted prominent U.S. nuclear research laboratories using phishing emails and fake login pages. Cybercrime forums reveal a growing interest in accessing nuclear-system entities, with ransomware attacks becoming more prevalent, posing substantial financial risks exceeding $5,000,000 [4,9,10,11].

The world energy demands, climate agreements, and rapid technological advancement have accelerated the implementation of Secure and Reliable Renewable Energy services, requiring solutions that deliver high operational efficiency and robust security against evolving cyber and physical threats [12,13,14,15]. These systems’ security must be assessed and optimized using many qualitative and quantitative variables. The unpredictable and dynamic characteristics relating to system resilience, threat adaptation, intrusion detection accuracy, and reliability are the hardest [16,17,18,19,20].

This research proposes a security framework for renewable energy services and evaluate this proposed framework using hybrid fuzzy-AHP method which combines the two approaches to bridge the gap between technical security performance measurements and real-world operational uncertainty. Specific security parameters like detection speed, false alarm rates, vulnerability coverage, and adaptive response capabilities keep renewable energy industries technically secure and operationally resilient. This study combines fuzzy logic with proven MCDM techniques and focuses on security-specific criteria to strengthen renewable energy management and its security, providing policymakers, energy operators, and technology developers with a more realistic, adaptive, and effective approach.

The importance of this study in the field of security lies in its focus on cyber defense for renewable energy systems, which are increasingly targeted due to their reliance on smart grids, IoT devices, and distributed energy resources. Traditional cybersecurity approaches often lack adaptability and forensic readiness, limiting effective incident response in critical energy infrastructures. This study bridges this gap by integrating digital forensics with fuzzy multi-criteria analysis, enabling proactive threat assessment, evidence-based decision-making, and improved cyber resilience.

This research aims to develop and validate a strategic framework for reducing cyber threats in renewable energy systems by integrating digital forensics capabilities into cybersecurity operations. Using real-world case studies, the study identifies actionable controls, forensic readiness measures, and response strategies tailored to smart energy infrastructures. The proposed framework is systematically compared with existing cybersecurity frameworks using the Fuzzy Analytic Hierarchy Process (Fuzzy AHP) to evaluate effectiveness across multiple criteria, including threat detection, incident response, resilience, and operational impact. The outcomes provide concrete guidance for stakeholders, policymakers, and practitioners to implement prioritized cybersecurity measures and address the evolving cyber risks facing the renewable energy sector in the digital era.

The rapid digitalization of renewable energy systems has improved efficiency, reliability, and sustainability through technologies such as IoT, intelligent sensors, and advanced control systems. However, increased connectivity has also exposed critical energy infrastructure to growing cyber threats, including malware, ransomware, and insider attacks, highlighting the limitations of traditional cybersecurity approaches that lack adaptability and forensic readiness. Motivated by the escalating threat landscape and the need for resilient security solutions, this study emphasizes the vital role of digital forensics in strengthening cyber defense for renewable energy systems. It proposes a comprehensive security framework evaluated using a hybrid fuzzy-AHP approach to address operational uncertainty and multiple security criteria, aiming to support policymakers, energy operators, and practitioners in enhancing cyber resilience and safeguarding the digital future of renewable energy infrastructure.

The structure of the paper is organized as follows: Section 2 reviews relevant previous studies to provide context. Section 3.1 presents the problem formulation, laying the foundation for the analysis. In Section 3.2, the paper discusses the need of cyber security in renewable energy sector for the development of its renewable energy system. Section 3.3 examines the security landscape in energy systems, while Section 3.4 explores the cybersecurity threats facing renewable energy infrastructure. Section 3.5 delves into the role of digital forensics in ensuring the security of renewable energy systems. Section 3.6 highlights the key issues and challenges in this domain, and Section 3.7 introduces the proposed integrated model for enhancing security. Section 3.8 details the methodology employed, focusing on Fuzzy AHP for decision-making. Section 4.1 presents the numerical analysis and results, followed by a comparison with other models in Section 4.2. Section 5 discusses the findings, with a focus on their potential impact in Section 5.1 and limitations along with future research directions in Section 5.2. Finally, Section 6 concludes the paper with a summary of the key insights and contributions.

2. Relevant Previous Studies

The integration of advanced technologies, including machine learning and fuzzy logic, has become a key strategy for enhancing energy efficiency in modern power systems, especially in the context of smart grids and renewable energy sources. Baz et al. [12] propose the Deep Fuzzy Nets (DFN) approach, which combines deep learning with fuzzy logic to optimize energy efficiency in smart grids. This approach leverages deep learning architectures to model complex relationships within the grid, while fuzzy logic handles uncertainties and imprecisions inherent in real-world data. The DFN method has been tested on various energy systems and shows promising results, achieving high sensitivity, specificity, and critical success indices, demonstrating its effectiveness in improving energy management while maintaining user control.

In addition to optimizing energy efficiency, the increasing penetration of renewable energy resources (RE) in power systems introduces new challenges in security and reliability. Hailu et al. [13] propose a data-driven fuzzy inference system (HGSA-FIS) for the static security assessment of multi-area power systems with integrated renewable energy. This system is designed to quickly assess the security of the grid in the event of component failures, taking into account the variability of renewable energy generation and demand fluctuations. The results highlight the robust performance of HGSA-FIS, outperforming alternative models like ANFIS and ANN in several scenarios, and providing a reliable tool for static security assessment in modern power systems.

As renewable energy continues to play a larger role in power generation, the cybersecurity risks associated with their integration into the grid become more pronounced. Ige et al. [14] address these cybersecurity challenges in the renewable energy sector, focusing on the vulnerabilities introduced by the connection of renewable energy sources to the power grid. The study identifies critical security gaps and proposes the use of artificial intelligence (AI) and machine learning (ML) as effective defense mechanisms. Furthermore, the importance of international cooperation and adherence to global standards is emphasized in bolstering the cybersecurity resilience of renewable energy systems. The authors advocate for a comprehensive cybersecurity strategy that includes advanced technologies, human factors, and policy interventions to safeguard the sector.

The security of critical infrastructures, including energy systems, is also a major concern, as these systems are increasingly targeted by cyberattacks. Tsantikidou et al. [15] explore the cybersecurity threats faced by critical infrastructures, particularly focusing on energy systems. They provide a detailed analysis of various cyberattacks and propose cryptographic frameworks to secure these infrastructures. Their work underscores the importance of adaptive and robust security measures to mitigate the risks posed by evolving cyber threats, including those targeting power grids and energy systems. They suggest that a combination of updated cryptographic techniques and security controls can significantly enhance the resilience of critical infrastructure systems. In order to optimize energy usage, Alghassab [18] proposed a fuzzy-based smart energy management system for residential structures. When compared to current models, the study showed that it performed better at striking a balance between occupant comfort, cost savings, and efficiency. The system’s potential to achieve sustainability goals by improving residential energy efficiency is highlighted by the findings.

The integration of cybersecurity with sustainable infrastructure, particularly in Green Building Management Systems (GBMS), is another area of focus in the research by Ige et al. [16]. This study investigates the cybersecurity challenges faced by sustainable infrastructure, emphasizing the need for resilience against cyber threats. The research identifies the core principles of cybersecurity that are crucial for securing GBMS, such as resilience and the seamless integration of security measures with sustainability efforts. Strategic recommendations include the adoption of international standards, interdisciplinary collaboration, and the use of emerging technologies to enhance the security posture of sustainable buildings.

Finally, the role of the Internet of Things (IoT) in smart renewable energy systems has introduced new cybersecurity challenges. Rekeraho et al. [17] review the vulnerabilities and threats facing IoT-based smart renewable energy systems, highlighting the risks posed by cyberattacks such as false data injection, replay, and denial of service attacks. The study identifies key security weaknesses, including insecure communication protocols, poor encryption techniques, and inadequate access control. The authors emphasize the need for robust cybersecurity strategies to protect the integrity of IoT-based smart renewable energy systems and ensure the security of the power grid as renewable energy sources become increasingly integrated. Almotiri [19] proposed a fuzzy-based computational mechanism to enhance the selection of effective malicious traffic detection techniques in cybersecurity. The study applied fuzzy logic to address uncertainties in evaluating detection methods, ensuring more reliable decision-making. Results demonstrated improved accuracy and adaptability compared to traditional selection approaches, highlighting its potential in strengthening intrusion detection systems [20,21].

Further, Ali et al. [22] in his work presents a probabilistic hesitant fuzzy multi-criteria decision-making (MCDM) approach to prioritize treatment policies for COVID-19. By leveraging hesitant fuzzy sets, the methodology effectively captures expert uncertainty and the nuances of subjective judgments in complex health policy decision-making. The study demonstrates how integrating fuzzy logic with MCDM allows for robust prioritization under ambiguity, providing a structured and systematic framework for evaluating competing alternatives in uncertain and high-stakes environments. Alrashdi et al. [23] in his work proposed an intelligent decision support framework for evaluating alternative vehicle technologies with the goal of reducing greenhouse gas emissions in Egypt’s transportation sector. The framework combines multi-criteria evaluation with expert judgment to assess the environmental, economic, and technological aspects of vehicle alternatives.

Overall, these studies collectively underscore the importance of cybersecurity, optimization techniques, and the integration of advanced technologies in enhancing the efficiency and security of modern energy systems, particularly those involving renewable energy sources and smart grids. As the energy sector continues to evolve, these technologies will play a critical role in ensuring the sustainability, reliability, and security of power systems worldwide.

3. Materials and Methods

3.1. Problem Formulation

Digital forensics has evolved as a critical discipline in the realm of cybersecurity, extending beyond the immediate response to cyberattacks [18,19]. Its core objective is to thoroughly investigate cyber incidents, uncovering the underlying causes, identifying the perpetrators, and enhancing the defensive strategies to safeguard systems against future breaches. In the context of critical infrastructure, such as renewable energy systems, digital forensics becomes even more vital. These systems are particularly susceptible to targeted cyberattacks, which can jeopardize national energy security, economic stability, and the continuity of essential services.

The importance of effective digital forensics is especially pronounced in the renewable energy sector, where a transition to green energy sources is gaining momentum [20,21]. With the increased reliance on smart grids, renewable energy technologies, and IoT-based systems, the vulnerability to cyber threats is also growing. Cyberattacks targeting renewable energy infrastructure can lead to severe disruptions, including power outages, financial losses, and even damage to physical infrastructure. These threats not only pose risks to energy security but also undermine public trust in the technological advancements being implemented in the energy sector.

This article aims to investigate the specific threats faced by renewable energy systems, examining the challenges encountered in responding to cyber incidents. It will explore the role of digital forensics in identifying attack vectors, tracking perpetrators, and developing strategies to fortify the security of renewable energy infrastructure [2,21]. The research will highlight the significance of conducting thorough forensic examinations, which are essential not only for the immediate recovery from cyber incidents but also for the long-term resilience of the system. By addressing these concerns, the study will provide insights into the critical role of digital forensics in ensuring the durability and reliability of essential renewable energy infrastructure. Despite the increased adoption of digital technologies in renewable energy infrastructure, current cybersecurity frameworks fall short in integrating advanced digital forensics techniques for proactive threat detection and response. Furthermore, there is a lack of a structured, quantifiable model to assess and compare the effectiveness of such frameworks under real-world conditions. This gap hampers timely decision-making, risk prioritization, and resilience planning.

As the renewable energy sector continues to evolve and expand, it is imperative that effective digital forensics be integrated into the broader cybersecurity strategy [22]. Through comprehensive investigation and evidence gathering, digital forensics can provide the insights necessary to enhance the security posture of renewable energy infrastructure, thereby ensuring its continued functionality and resilience against the growing threat of cyberattacks [2,20,21,23,24]. After critically examining the roots of the problem, several research questions have been raised, some of which are as follows:

• What methodologies can be implemented to acquire a profound comprehension of the dynamic and evolving nature of digital dependence on renewable energy systems?
• To provide a comprehensive analysis of effective strategies against the diverse array of threats encountered in the field of renewable energy systems, which digital forensics methods can be presented and investigated?
• Which criterion should be taken into account when selecting and validating the best practices for the security of renewable energy systems?
• How does a proposed integrated framework specifically improve the digital threat security of renewable energy systems, addressing the necessity for a cohesive strategy in the presence of evolving digital threats?
• In order to guarantee the framework’s adaptability and efficacy in the face of emerging digital threats, which key attributes and guidelines should be incorporated?

In order to equip renewable energy practitioners and cybersecurity specialists to protect national security interests in the digital age, the problem formulation attempts to prepare these research questions in order to establish the foundation for practical insights, tools, and recommendations.

3.2. Need of Cybersecurity in Renewable Energy System

In the ambitious landscape of making world achieve 90% energy efficient, the renewable energy system stands as a pivotal cornerstone, driving both economic growth and technological advancement [22,23]. However, with this transformative journey comes the pressing need to fortify the system against evolving cyber threats, making cybersecurity and digital forensics indispensable components of its roadmap. Within this realm, understanding the dynamics of the cyber threat landscape is paramount. Numerous geopolitical and technological variables are contributing to an increase in cyberattacks against the energy sector. According to a July 2024 Sophos analysis, which polled 275 cybersecurity and IT executives from the energy, oil/gas, and utilities sectors in 14 countries, 67% of participants reported that their companies had experienced a ransomware assault during the previous year [23,24].

Recognizing this urgency, the countries government are investing a bulk towards bolstering cybersecurity across critical systems, including renewable energy [6,7,21,25]. This financial commitment reflects a proactive approach towards safeguarding renewable energy infrastructure. Yet, beyond financial investment lies the imperative to cultivate digital forensic readiness. Despite the strides made, studies indicate that only 30% of renewable energy companies have established adequate digital forensic capabilities. This underscores a crucial area for further development to ensure swift incident response and thorough investigations [2,25,26,27].

Collaboration emerges as another vital pillar in the defense against cyber threats. The Authorities has spearheaded initiatives aimed at fostering collaboration among stakeholders. Encouragingly, surveys show that 70% of renewable energy companies express keen interest in participating in such collaborative endeavors [2,3,4,22,23,24]. Furthermore, a cultural shift towards cybersecurity awareness is indispensable. Such initiatives play a pivotal role in building a resilient cybersecurity culture. As incidents inevitably occur, having robust incident response metrics becomes paramount. Encouragingly, reports indicate a 25% reduction in the average time to detect and respond to cyber incidents over the past two years [1,3,9,10]. These metrics signify tangible progress in bolstering incident response capabilities.

Looking ahead, technology adoption emerges as a linchpin in fortifying cybersecurity defenses. Survey data suggests that an overwhelming 80% of energy companies are poised to invest in next-generation security technologies, such as AI-based threat detection and blockchain for secure data management [8,9,10,17,18,25,26]. In essence, the convergence of cybersecurity and digital forensics within the renewable energy system underpins the realization of global vision of renewable energy aspirations. Through strategic investments, collaborative frameworks, and a culture of innovation, a resilient path towards securing its renewable energy future in the digital age is possible.

3.3. Security in Energy System

Renewable energy system is experiencing a notable change in its security situation due to strategic efforts to decrease carbon emissions and use renewable energy sources. The surge in popularity of digital forensics technology is driven by the perceived benefits it offers, such as increased agility, flexibility, lower capital costs, and improved operational efficiency.

Nevertheless, as the energy system adopts digital forensics technology, it also faces distinctive security obstacles. The incorporation of outdated equipment and the merging of Information Technology (IT) and Operational Technology (OT) networks pose significant challenges. Furthermore, the COVID-19 pandemic has emphasized the crucial significance of safe remote access, resulting in the use of advanced security techniques like Zero Trust architecture [21]. The growing prevalence of cyber-attacks directed at organizations in the oil industry, such as Oiltanking, SEA-Invest, and Evos, highlights the immediate requirement for strong digital forensics security protocols [3,6,7,8,13,14,15,23,24,25,26,27]. The objective of collaborative initiatives among industry participants, such as the partnership between Nasuni and Cegal, is to enhance defenses against constantly changing cyber threats [2,5,6,9,10,21,22,23,24].

Internationally, efforts such as the European Union’s Smart Energy Expert Group and the UK’s investments in digitization are proactive measures taken to address uncertainties including the impact of extreme weather events on data centres and the need to decrease reliance on Russian fossil fuels [15,19,28]. Prominent participants in the Digital Forensics Security market for the energy system is actively involved in strategic partnerships to promote innovation and provide secure data solutions. The energy system of different countries is making continuous efforts to improve digital forensics security, as demonstrated by recent developments such as SHV Energy’s collaboration with TCS for security operations and the establishment of a nodal centre by Power Grid Corporation of India Limited (Bengaluru, India), Bengaluru to address cybersecurity concerns in power grids [3,4,7,8,9,10,29].

In order to promote growth and operational resilience in energy industry, the use of digital forensics technology is being emphasized. However, it is crucial to prioritize strong security measures in the digital forensics to protect against ever-changing cyber threats. This is essential to ensure the sustainable development of the system in line with national goals.

3.4. Cybersecurity Threats in the Renewable Energy System

As the renewable energy system undergoes a profound digital transformation, the benefits of increased connectivity and advanced technologies also bring forth a host of cybersecurity threats [3,5,6,7]. Understanding and addressing these threats are paramount to ensuring the resilience of critical renewable energy infrastructure. In this section, authors delve into three prominent cybersecurity threats (Figure 1) facing the renewable energy system:

3.4.1. Malware and Ransomware

• Risks Posed: The renewable energy system faces substantial risks from malware and ransomware, given its extensive reliance on interconnected systems. Malicious software can compromise control systems, manipulate data, and disrupt renewable energy production, distribution and management of supply chains distribution, leading to severe operational and financial consequences [5,14]. Ransomware poses an additional threat, encrypting critical data and demanding ransom payments, potentially paralyzing renewable energy infrastructure until the demands are met.
• Case Studies: In the realm of cybersecurity, case studies serve as crucial benchmarks for understanding the evolving landscape of digital threats. One such milestone is the here, the Stuxnet Worm of 2010, a highly sophisticated malware that specifically targeted supervisory control and data acquisition (SCADA) systems, shed [3,4,5,6]. This incident revealed the vulnerability of electricity infrastructure to customized malware, prompting concerns about the possibility of manipulating essential systems. The ramifications were severe, as Stuxnet effectively damaged Iran’s nuclear programme, exposing the geopolitical significance of malicious malware on critical infrastructure. Another noteworthy case study is the WannaCry Ransomware outbreak that occurred in 2017. By taking advantage of weaknesses in Microsoft Windows systems, the WannaCry ransomware had a widespread influence, impacting organizations in different systems, including the renewable energy industry [7,8,9,10]. The consequences encompassed operational disruptions, loss of data, and substantial financial setbacks, underscoring the widespread danger presented by ransomware to vital infrastructure on a global scale. These case studies highlight the importance of constant monitoring and creative cybersecurity solutions to protect against ever-changing digital dangers in a world that is linked and heavily reliant on technology.
• Strategies to reduce or prevent the negative impacts: Implementing efficient mitigation solutions is crucial in protecting systems from the constantly increasing danger of malware. By utilizing sophisticated data analysis techniques to observe the behavior of a system, organizations can quickly detect and address abnormal actions. This enables them to take proactive measures to minimize the impact of malicious software threats before they do significant harm.

3.4.2. Insider Threats

• Scope and Complexity: Insider threats in the renewable energy system encompass a broad spectrum, ranging from inadvertent mistakes by employees to malicious actions with the intent to compromise security. The complexity raises further arise when considering the s from the diverse motivations and access levels of insiders, making it challenging to detect and prevent such threats effectively.
• Motivations: Motivations driving security breaches within organizations can be categorized into accidental errors and malicious intent. Accidental errors arise when employees inadvertently compromise security protocols, often due to misconfigurations or mishandling of sensitive data. Such unintentional actions may result from a lack of awareness or inadequate training, making it essential for organizations to invest in comprehensive education and awareness programs [14,15,16,17].
• Lessons from Incidents: In reflecting upon pivotal incidents such as Edward Snowden’s revelation in 2013 and the Colonial Pipeline Ransomware Attack in 2021, valuable lessons emerge that cast light on the evolving landscape of cybersecurity [11,18,19,20]. The Snowden incident served as a stark reminder of the criticality of safeguarding against insider threats, unveiling vulnerabilities in organizations handling sensitive information. This episode underscored the importance of robust monitoring systems and stringent access controls to mitigate risks arising from within. Similarly, the Colonial Pipeline Ransomware Attack emphasized the multifaceted nature of insider threats, revealing how compromised credentials could serve as a gateway for malicious actors.
• Detection and Prevention: Effective detection and prevention strategies are crucial in safeguarding an organization’s cybersecurity. User behavior monitoring plays a pivotal role in this effort by employing analytics to detect aberrations from regular activities, thereby serving as an early warning system for potential insider threats. Access controls and privilege management further fortify the defense, as restricting access based on job roles and adhering to the principle of least privilege minimizes the risk of malicious insiders exploiting their privileges [21,22,23,24]. In tandem, employee training and awareness programs contribute significantly to the overall security posture. By educating employees on cybersecurity best practices and enlightening them about the potential consequences of their actions, organizations empower their workforce to be vigilant and reduce the likelihood of unintentional insider threats. These multifaceted approaches collectively create a robust defense mechanism, fostering a resilient cybersecurity framework.

3.4.3. IoT Vulnerabilities

• Expanding Attack Surfaces: The widespread adoption of IoT devices in the renewable energy system introduces numerous entry points for potential attackers. These devices, ranging from sensors to smart meters, expand the attack surface and create new opportunities for cyber threats.
• Security Challenges: Security challenges in the realm of IoT are prevalent and demand urgent attention. One major concern lies in the insecure communication of devices, as a significant number of these transmit sensitive data over channels lacking adequate security protocols. This vulnerability exposes them to potential interception and manipulation by malicious entities, posing a serious threat to both individual or organization privacy as well as overall system integrity.
• Best Practices: In the realm of IoT, adopting best practices is imperative to safeguard the integrity and confidentiality of connected devices and networks. One fundamental principle is “Security by Design,” emphasizing the integration of security measures at the very inception of IoT device development. This proactive approach ensures that security becomes an inherent and foundational aspect of the device’s functionality. Moreover, robust protection mechanisms such as encryption and authentication play a pivotal role in securing communication between IoT devices.
• Future Trends: As there are technological advancements in the future, two prominent trends are poised to redefine the landscape of cybersecurity. Firstly, the integration of blockchain technology for securing IoT devices is gaining significant traction. Blockchain’s decentralized nature and tamper-resistant capabilities provide a robust framework for enhancing the security of device communication [25,27,28]. Secondly, the rise of artificial intelligence (AI) is ushering in a new era of threat detection in the IoT ecosystem. AI-driven algorithms excel in monitoring and identifying anomalous patterns in device behavior, enabling the real-time detection and response to emerging threats. Together, the synergy of blockchain for decentralized security and AI-driven threat detection represents a powerful paradigm shift in fortifying the future of IoT cybersecurity.

Understanding and addressing the risks associated with malware, ransomware, insider threats, and IoT vulnerabilities are paramount for securing the renewable energy system. However, digital forensics also has a crucial role to play in not only responding to incidents but also in proactively implementing strategies to mitigate these risks and in fortifying the resilience of critical renewable energy infrastructure. The next section delves into digital forensics and its role in the cyber-security of renewable energy system.

3.5. Digital Forensics in Renewable Energy Security

The integration of digital forensics within renewable energy security frameworks emerges as a critical imperative amidst the rapid modernization of the renewable energy system. With the global ambitious agenda of 90% renewable energy driving extensive digitization initiatives, including the deployment of smart grids and IoT devices, the need for robust cyber-security measures and proactive incident response capabilities is paramount [2,20,21,22]. Digital forensics plays a central role in this landscape by enabling the identification, analysis, and mitigation of cyber threats and incidents, thereby safeguarding the integrity and resilience of renewable energy infrastructure. By leveraging advanced forensic techniques and technologies (Figure 2), such as forensic analysis of network traffic and memory forensics, alongside comprehensive incident response protocols, authorities can effectively detect and neutralize cyber threats, ensuring the uninterrupted and secure operation of critical renewable energy assets [1,4,5,6,7].

3.5.1. Incident Response

In the context of renewable energy security, incident response plays a pivotal role in minimizing the impact of cyber threats and ensuring swift recovery. The interconnected nature of smart grids and renewable energy management systems demands a proactive approach to identifying, containing, and eradicating security incidents. Digital forensics acts as a linchpin in this process, enabling organizations to effectively respond to and recover from cyber incidents.

• Rapid Detection and Identification: Digital forensics assists in the rapid detection and identification of security incidents by employing advanced monitoring tools and techniques. Through real-time analysis of network traffic, system logs, and anomalous behaviour patterns, security teams can swiftly pinpoint potential threats and vulnerabilities [8,12,13,14].
• Timely Incident Containment: Once a security incident is detected, digital forensics aids in the rapid containment of the threat. By isolating affected systems and networks, security teams can prevent the lateral movement of attackers and limit the extent of damage, thereby ensuring the continued operation of renewable energy infrastructure.
• Root Cause Analysis: Digital forensics also facilitates a thorough root cause analysis of security incidents. By scrutinizing the attack vectors, identifying vulnerabilities, and understanding the tactics employed by adversaries, organizations can strengthen their defenses and prevent future occurrences of similar cyber threats.
• Forensic Readiness Planning: Effective incident response is predicated on proactive forensic readiness planning. Digital forensics professionals work collaboratively with cybersecurity teams to develop and implement incident response plans, ensuring that organizations are well-prepared to respond to and recover from security incidents [15,16,17].

3.5.2. Evidence Collection and Preservation

The integrity of digital evidence is paramount in investigating and prosecuting cybercrime in the renewable energy system. Digital forensics plays a crucial role in systematically collecting, preserving, and documenting evidence to support legal proceedings and enhance the resilience of critical infrastructure.

• Chain of Custody Management: Digital forensics professionals meticulously manage the chain of custody for digital evidence [18]. This involves documenting the handling, transfer, and storage of evidence to ensure its admissibility in legal proceedings and maintain its integrity throughout the investigation.
• Remote Evidence Collection: In the renewable energy system, where critical infrastructure may be geographically dispersed, digital forensics leverages remote evidence collection techniques. This allows forensic experts to gather relevant data without compromising the operational continuity of renewable energy facilities.
• Preservation of Digital Footprints: Digital forensics focuses on preserving digital footprints left by attackers. This includes capturing volatile data, analyzing system logs, and creating forensic images of affected systems, all of which contribute to building a comprehensive understanding of the cyber incident [19].
• Admissibility in Legal Proceedings: To ensure the admissibility of digital evidence in legal proceedings, digital forensics professionals adhere to industry best practices and legal standards. This involves documenting the methods used for evidence collection, preserving metadata, and maintaining a clear audit trail.

3.5.3. Forensic Analysis Tools

The renewable energy system relies on a plethora of digital systems and devices, necessitating the use of specialized forensic analysis tools. Digital forensics employs these tools to investigate security incidents, analyze digital artifacts, and derive actionable insights to fortify the cybersecurity posture of renewable energy infrastructure.

• Disk Imaging and Memory Analysis: Forensic analysis tools enable the creation of forensic images of disks and memory, allowing investigators to examine the state of systems at the time of an incident.
• Network Forensics Tools: Given the interconnected nature of renewable energy systems, network forensics tools are crucial for analyzing network traffic, detecting anomalous patterns, and identifying potential security threats [5,30,31].
• Malware Analysis Tools: Digital forensics can also leverage specialized malware analysis tools to dissect and understand the behaviour of malicious software. By identifying the characteristics and functionalities of malware, security teams can develop strategies to prevent and mitigate future malware attacks on renewable energy systems.
• Data Recovery and Reconstruction Tools: In the aftermath of a security incident, data recovery and reconstruction tools are instrumental in restoring compromised or deleted data [20,21,22,32]. Digital forensics professionals use these tools to recover critical information, helping organizations resume normal operations promptly.

Therefore, the effective integration of digital forensics practices in renewable energy security is imperative to safeguard critical infrastructure from cyber threats. Incident response, evidence collection and preservation, and the utilization of forensic analysis tools collectively contribute to building a robust cybersecurity framework that ensures the reliability and resilience of renewable energy systems.

3.6. Issues and Challenges

As the renewable energy systems continues to advance with the integration of digital technologies, the importance of robust digital forensics practices cannot be overstated. Below, authors delve into the key issues and challenges associated with digital forensics in the context of securing the renewable energy system [1,2,6,8,9,10,16,17,18]:

3.6.1. Sophisticated Cyber Threats

In the intricate landscape of the renewable energy system, the ever-growing reliance on digital systems has made it a prime target for sophisticated cyber threats. The system faces a formidable challenge in safeguarding its infrastructure against a myriad of potential risks orchestrated by cyber adversaries. Identifying and attributing these threats, particularly those orchestrated by state-sponsored entities, represents a significant hurdle.

3.6.2. Complex System Architecture

In the realm of renewable energy systems, a pivotal aspect lies in their complex system architecture, marked by an intricate web of interconnectivity encompassing an extensive array of devices, sensors, and control systems. This intricate network enables the seamless integration of diverse components to optimize renewable energy efficiency and resource management [20,21,23,24,26]. However, navigating through this sophisticated framework presents a set of formidable challenges. Investigating incidents within such intricate environments demands specialized skills and tools as conventional approaches usually fall short in addressing the intricacies involved.

3.6.3. Real-Time Incident Response

Given the criticality of maintaining continuity in renewable energy systems, it is imperative and paramount to have real-time detection and incident response to thwart potential threats and avert system disruptions. The intricacies of these systems necessitate swift actions to counter emerging risks, demanding a departure from traditional forensic processes that may not align with the urgency of the situation [2,3,4,16,17,18,22,23,24,26].

3.6.4. Data Integrity and Trustworthiness

Data integrity and trustworthiness play a pivotal role in the realm of forensic analysis and legal proceedings. The overarching goal is to guarantee the accuracy of digital evidence, a task fraught with challenges due to the constant threat of tampering and manipulation. Safeguarding the integrity of data becomes particularly intricate in dynamic renewable energy environments, where the complex interplay of digital artifacts necessitates a meticulous establishment of a chain of custody [15,16,20,21,22,23,24].

3.6.5. Legal and Jurisdictional Complexities

In the realm of digital forensics within the renewable energy system, practitioners grapple with a multifaceted landscape marked by legal and jurisdictional complexities. The intricacies lie in the need to adeptly navigate a web of intricate legal frameworks and jurisdictional issues inherent to the system. One of the foremost challenges pertains to the determination of jurisdiction, a critical factor that influences the authority and applicability of legal procedures [18,19,20,24,25,26].

3.6.6. Resource Constraints

Resource constraints pose a significant challenge to digital forensics efforts. The limited availability of skilled personnel and advanced forensic tools can impede the efficiency and thoroughness of investigations. In this context, the development and retention of a highly skilled workforce become crucial, as well as ensuring access to cutting-edge forensic technologies. The scarcity of these resources may compromise the ability to conduct comprehensive digital investigations, potentially hindering the identification and prosecution of cybercriminals. Overcoming these challenges requires strategic investments in training programs for digital forensics professionals and the continual adoption of state-of-the-art tools and technologies to keep pace with evolving cyber threats [15,16,26].

3.6.7. Privacy Concerns

Privacy concerns in the realm of digital forensics present a complex landscape that demands careful consideration. The overarching issue revolves around the collection and analysis of digital evidence, a process that inherently has the potential to encroach upon individual privacy rights. Striking a delicate balance between the exigencies of forensic investigations and the imperative to safeguard individual privacy emerges as a formidable challenge.

3.6.8. Interoperability and Standardization

In the renewable energy system, characterized by a myriad of technologies and diverse vendors, the paramount challenge lies in achieving interoperability and standardization. The system’s intricate web of interconnected devices and systems necessitates a cohesive approach to ensure seamless communication and collaboration. An overview of the industry reveals a complex ecosystem that demands a unified framework for interoperability [18,19,20,23,24,25,26]. Specifically, addressing the challenges associated with digital forensics is crucial.

Addressing these issues and challenges requires a concerted effort from cybersecurity professionals, law enforcement agencies, and policymakers to establish comprehensive strategies for digital forensics in securing the renewable energy system [2,3,4,6,7,8,9,16,17,18,22,23,24,26]. The evolution of these strategies will play a critical role in safeguarding the integrity and reliability of digital systems powering the future of renewable energy. Furthermore,

Table 1. Summary of issues and challenges.

S. No.	Issues and Challenges	Description
1	Sophisticated Cyber Threats	The renewable energy system faces a persistent threat from advanced cyber adversaries, including state-sponsored entities. Identification and attribution of threats, especially advanced persistent threats (APTs), require highly sophisticated forensic techniques. Continuous adaptation of cybersecurity measures is essential to mitigate evolving and elusive cyber threats.
2	Complex System Architecture	Renewable energy systems exhibit intricate architectures with extensive interconnectivity among devices, sensors, and control systems. Investigating incidents within this complex framework demands specialized skills and tools. The sheer volume of data generated by diverse components adds complexity, potentially overwhelming forensic investigators. Effective analysis and resolution require the development and deployment of advanced methodologies.
3	Real-time Incident Response	Swift and effective real-time incident response is imperative in renewable energy systems to counter emerging risks. The challenge lies in balancing the need for immediacy with the precision required in identifying and mitigating threats. Integrating real-time capabilities into forensic processes is an ongoing endeavor to fortify against evolving threats in the dynamic renewable energy landscape.
4	Data Integrity and Trustworthiness	Ensuring the accuracy and trustworthiness of digital evidence is challenging due to the constant threat of tampering and manipulation. In dynamic renewable energy environments, maintaining a secure chain of custody for digital artifacts involves meticulous tracing from collection through analysis. Challenges include preventing tampering and navigating complexities to uphold a reliable and trustworthy data chain.
5	Legal and Jurisdictional Complexities	Legal and jurisdictional complexities in the renewable energy system require practitioners to navigate intricate legal frameworks and jurisdictional issues. Challenges involve determining jurisdiction, ensuring the legal admissibility of digital evidence, and fostering international cooperation for successful investigations. Harmonization of legal standards is crucial to address the multifaceted legal landscape in cross-border digital forensic endeavors.
6	Resource Constraints	Limited availability of skilled personnel and advanced forensic tools poses a significant challenge to digital forensics efforts. Developing and retaining a highly skilled workforce is crucial, as is ensuring access to cutting-edge forensic technologies. Resource constraints may compromise the ability to conduct comprehensive digital investigations, hindering identification and prosecution of cybercriminals.
7	Privacy Concerns	Privacy concerns arise in the collection and analysis of digital evidence, potentially encroaching upon individual privacy rights. Striking a delicate balance between the exigencies of forensic investigations and safeguarding individual privacy requires ethical guidelines and frameworks. It is a societal challenge necessitating a thoughtful and collaborative approach to uphold the rights of individuals in the digital age.
8	Interoperability and Standardization	Achieving interoperability and standardization is paramount in the dynamic renewable energy system. The challenge lies in developing unified frameworks for seamless communication and collaboration among diverse technologies and vendors. Standardized protocols are essential for facilitating effective forensic investigations, preventing obstacles in the exchange of forensic data, and ensuring overall efficiency and security of the renewable energy infrastructure.

presents a comparative analysis of issues and challenges related to digital forensics in securing the renewable energy system.

3.7. Proposed Integrated Model

Digital forensics is increasingly indispensable for protecting modern critical infrastructure, particularly renewable energy systems that rely heavily on interconnected digital technologies. As renewable energy platforms grow more complex, they introduce new cyber-risks that demand a structured and resilient security approach [2,6,11,14,18,21,26]. The following integrated framework skeletons a holistic forensic-driven cybersecurity model designed to strengthen the security posture and operational continuity of renewable energy infrastructures. The framework is composed of six interdependent phases, each reinforcing the others to create a comprehensive, proactive defense architecture. The framework comprises several interconnected steps, each contributing to a robust and proactive cybersecurity framework, as shown in Figure 3 and defined as follows:

3.7.1. Strategic Risk Assessment and Preparedness

• Systemic Risk Mapping: Identify vulnerabilities across devices, networks, control components, and communication interfaces in renewable energy systems. Assess threat likelihood, potential damage, and critical asset exposure.
• Policy and Compliance Planning: Develop clear cybersecurity policies, operational protocols, and compliance standards. Ensure alignment with national regulations, energy-sector guidelines, and digital forensics best practices.
• Capacity Building and Training: Train technical teams in incident handling, forensic readiness, and secure system operations. Establish awareness programs for operators and engineers.

3.7.2. Prevention and System Hardening

• Defense Architecture Implementation: Deploy layered security controls including firewalls, secure communication protocols, authentication mechanisms, and access control frameworks to minimize attack surfaces.
• Patch and Configuration Management: Regularly update software, firmware, and ICS/SCADA components. Fix misconfigurations and ensure all systems operate under hardened security baselines.
• Data Integrity and Secure Logging: Enable tamper-resistant logging mechanisms and ensure continuous logging of events, sensor outputs, commands, and operator actions to support future forensic investigations.

3.7.3. Threat Monitoring and Early Detection

• Continuous Network Surveillance: Use advanced IDS/IPS, anomaly detection models, and ML-enabled monitoring systems to identify unusual behavior or unauthorized access attempts.
• Behavioral and Anomaly Analytics: Integrate AI-based analytics to differentiate normal operational patterns from suspicious anomalies in power flow data, device communication, and performance metrics.
• Alert Validation and Prioritization: Establish procedures to filter false positives, validate alerts, and prioritize genuine threats that require immediate action.

3.7.4. Forensic Evidence Collection and Analysis

• Evidence Preservation Protocols: Follow standardized forensic procedures for collecting digital artifacts from logs, devices, memory images, network packets, and cloud-based controllers while ensuring chain-of-custody.
• Multi-layer Forensic Analysis: Conduct detailed forensic examinations, including timeline reconstruction, vulnerability analysis, malware analysis, and root-cause investigation.
• Correlation and Attribution: Link evidence from multiple data sources to understand the attack vector, affected systems, and potential threat actor behavior.

3.7.5. Containment, Eradication, and System Recovery

• Rapid Isolation Strategies: Immediately disconnect compromised components or networks to stop lateral movement and restrict the spread of malicious activities.
• Threat Removal and System Restoration: Remove malicious files, repair corrupted configurations, apply necessary patches, and restore clean backups to return systems to normal operations.
• Validation and Safety Checks: Verify system integrity post-restoration by conducting performance tests, security checks, and forensic confirmation that the threat has been fully eliminated.

3.7.6. Post-Incident Review and Continuous Improvement

• Lessons Learned Workshop: Conduct detailed post-incident reviews to analyze what worked, what failed, and what can be improved in detection, containment, and forensics.
• Framework Refinement: Update security policies, forensic procedures, detection rules, and operational protocols based on insights from each incident.
• Long-term Cyber-Resilience Planning: Enhance security investments, integrate new technologies, and refine workforce training to create an adaptive and future-ready renewable energy cybersecurity ecosystem.

By integrating these steps into a cohesive framework, the proposed model aims to fortify the renewable energy system against cyber threats, providing a resilient defense through proactive digital forensics practices.

3.8. Methodology

Energy systems are essential for the socioeconomic advancement of human society. A sustainable energy system enables a nation to effectively utilize its social and economic resources, with balanced energy production and consumption and minimal environmental impact. Due to their ability to account for the complexity of socioeconomic factors and the multifaceted nature of sustainability goals, multi-criteria decision-making (MCDM) techniques have gained popularity in the analysis of energy systems in recent years.

The traditional single-criterion approach, which typically focuses on identifying the most cost-effective and efficient options, can be outperformed by MCDM-based methods when addressing the growing concerns in energy management. These techniques, often referred to as multi-criteria decision analysis (MCDA) techniques, have found widespread applications in social, economic, agricultural, industrial, ecological, and biological systems. One particularly popular MCDM method for solving hierarchical problems is the AHP. The authors have employed a distinctive AHP-based soft computing approach [33,34,35] to quantitatively assess the impact of the proposed model after conducting a theoretical comparison analysis. This approach provides mathematical metrics to evaluate the model’s significance.

Several factors contribute to AHP’s widespread use in energy and environmental models, including its simplicity, ease of understanding, and its ability to break down complex problems into basic hierarchies. A key feature of the AHP method is its hierarchical structure, which logically divides complex decision problems into smaller, more manageable sub-problems. To facilitate the comparison of prioritization criteria and alternatives, decision-makers (DMs) can use the hierarchical structure provided by the AHP model. Since many energy systems involve multiple decision-makers and numerous qualitative factors, the classical AHP adopted by Mohammed, H. J. [34] may not be applicable in all cases. Due to the imprecision of many decision data points, the range of these parameters is often estimated or assumed in real-world energy sector challenges.

Fuzzy AHP, an extension of standard AHP, is better suited to address the ambiguity and uncertainty inherent in human decision-making [36]. It is crucial that the evaluation considers not only technical, economic, and environmental factors, but also the socioeconomic elements that influence the needs of various stakeholders. Given these challenges, Fuzzy AHP could serve as a valuable tool for tackling complex evaluation tasks in diverse energy system domains [36]. The comprehensive methodology of Fuzzy AHP is outlined as follows:

In the present research work, authors employed the AHP, a systematic decision-making approach endorsed by Mohammed, H. J. [34]. AHP is particularly effective for addressing both qualitative and quantitative factors that influence decision-making in renewable energy management systems. However, a significant limitation of the AHP method is its reliance on a discrete scale, typically ranging from 1 to 9, which may not adequately account for the ambiguity or uncertainty inherent in complex decision-making processes [35].

To overcome this limitation and better incorporate linguistic data, authors chose to implement the Fuzzy-AHP methodology. Fuzzy set theory, introduced to handle the inherent uncertainty in expert opinions, enhances the traditional AHP approach by allowing for more nuanced assessments. This hybrid method, known as Fuzzy-AHP, provides a more robust framework for decision-making by integrating the precision of AHP with the flexibility of fuzzy logic. The step-by-step procedures for employing this methodology are as follows:

Step 1: Equation (1) represents the preference of the kth decision maker for the jth selection criterion. Each fuzzy number is expressed as a triangular fuzzy number and the value is denoted as $a_{ij}^k$= (l, m, u), where the parameters (l, m, u) correspond to the smallest, intermediate, and largest values of uncertain judgments, respectively (

Table 2. Linguistic scale for pairwise comparison.

Scale	Linguistic Term	Numeric Value	Reciprocal
1	Equal Importance	1	1
3	Weakly Important	3	1/3
5	Essential Importance	5	1/5
7	Very Strongly Important	7	1/7
9	Extremely Important	9	1/9
2, 4, 6, 8	Intermediate Values	2–8	1/2–1/8

) [35].

Integrating Fuzzy theory into the AHP allows us to handle and represent the inherent uncertainty and ambiguity more effectively during the decision-making process.

$${\tilde{p}}^k=\left[\begin{array}{ccc}\widetilde{a_{11}^k}& \widetilde{a_{12}^k}& \begin{array}{cc}\cdots & \widetilde{a_{1j}^k}\end{array}\\ \widetilde{a_{21}^k}& \widetilde{a_{22}^k}& \begin{array}{cc}\cdots & \widetilde{a_{2j}^k}\end{array}\\ \begin{array}{c}\cdots \\ \widetilde{a_{i1}^k}\end{array}& \begin{array}{c}\cdots \\ \widetilde{a_{n2}^k}\end{array}& \begin{array}{cc}\begin{array}{c}\dots \\ \dots \end{array}& \begin{array}{c}\dots \\ \widetilde{a_{ij}^k}\end{array}\end{array}\end{array}\right]$$

(1)

where

k: Index of decision maker (k = 1,2,…).

j: Index of criterion (j = 1,2,…).

$a_{ij}^k:$ Fuzzy preference of the kth decision maker comparing criteria i with criteria j.

Step 2: In cases involving multiple decision makers, the geometric mean of each decision maker’s preference is calculated using Equation (2).

$${\tilde{r}}_{ij}={\left({\prod }_{k=1}^K{\tilde{a}}_{ij}^k\right)}^{{\displaystyle \frac{1}{K}}}$$

(2)

where,

${\tilde{r}}_{ij}$: Aggregated fuzzy preference between criterion i and j.

K: Total number of decision makers

The geometric mean is used to combine all experts’ judgments.

Step 3: The data provided by the decision makers is aggregated, and the pairwise contribution matrix is obtained using Equation (3).

$$\tilde{R}=\left[\begin{array}{ccc}{\tilde{r}}_{11}& \cdots & {\tilde{r}}_{1j}\\ ⋮& \ddots & ⋮\\ {\tilde{r}}_{i1}& \cdots & {\tilde{r}}_{ij}\end{array}\right]$$

(3)

where,

R: Final fuzzy pairwise comparison matrix after aggregating all decision makers’ inputs.

Step 4: Following the approach described by Mohammed, H. J. [34], the geometric mean of fuzzy values for each selection criterion is calculated using Equation (4).

$${\tilde{R}}_i={\left({\prod }_{j=1}^n{\tilde{r}}_{ij}\right)}^{{\displaystyle \frac{1}{n}}}$$

(4)

where,

${\tilde{R}}_i:$ Fuzzy geometric mean of the ith criterion across all comparisons.

n: Number of criteria.

Step 5: The subsequent steps outline the process of calculating fuzzy weights:

The vector summation of each criterion is calculated.

The power of the summation vector is determined to arrange the fuzzy triangular numbers in ascending order.

To calculate the fuzzy weights of the ith criterion, each summation is multiplied by the reverse vector, as shown in Equation (5).

$${\tilde{w}}_i={\tilde{r}}_i⨂{\left({\tilde{r}}_1⨁{\tilde{r}}_2\cdots \cdots ⨁{\tilde{r}}_n\right)}^{-1}=\left(l{w}_i,m{w}_i,u{w}_i\right)$$

(5)

where,

${\tilde{w}}_i:$ Fuzzy weight of the ith criterion.

⊗: Fuzzy multiplication operator.

⊕: Fuzzy addition operator.

(lwi, mwi, uwi): Triangular fuzzy weight values (lower, middle, upper).

The denominator is the fuzzy sum of all criteria geometric means, inverted.

Step 6: As ($M_i$) still represents fuzzy triangular numbers, they need to be defuzzified using the center of area method proposed by Mohammed, H. J. [34] through the application of Equation (6).

$$M_i=\left({\displaystyle \frac{l{w}_i+m{w}_i+u{w}_i}{3}}\right)$$

(6)

where,

$M_i$: Defuzzified crisp value of the ith fuzzy weight.

Step 7: Finally, the values are normalized using Equation (7).

$$N_i={\displaystyle \frac{M_i}{{\sum }_{i=1}^n{M}_i}}$$

(7)

$N_i:$ Final normalized crisp weight of the ith criterion.

Utilizing the Fuzzy-AHP methodology, thereby enhancing the reliability and security of renewable energy management systems through sophisticated decision-making processes. Moreover, the fuzzy-AHP method offers an invaluable framework for decision-makers seeking to incorporate both qualitative and quantitative factors into their decision-making paradigm, effectively navigating uncertainties and linguistic data. By amalgamating the AHP with fuzzy set theory, this approach yields a more holistic and flexible decision-making instrument.

4. Results

4.1. Numerical Analysis

To evaluate the proposed framework’s utility and the effectiveness of its outputs relative to comparable frameworks, the authors conducted a comprehensive comparative analysis. This investigation, along with numerical quantification, offers a deep understanding of the proposed framework’s practicality. To prioritize ontology frameworks, the authors employed a ranking analysis approach. Following the analysis, the framework that achieved the highest score was shared with the research community. The authors developed a hierarchical structure to evaluate prior research and utilized the AHP at a single level.

To evaluate the importance of securing renewable energy management systems through digital forensics, the study employed the Fuzzy-AHP. This multi-criteria decision-making technique is widely appreciated for its structured reasoning and ability to generate reliable priority rankings, making it suitable for assessing competing cybersecurity and forensic frameworks. In this research, Fuzzy-AHP was used to determine the relative importance of key frameworks associated with renewable energy system security and digital forensic readiness. The resulting hierarchical evaluation model offers a useful decision-support foundation for future scholars investigating similar domains. Data supporting this analysis were collected from 37 professionals representing both industry and academia as Appendix A.

A carefully selected panel of 37 domain experts was assembled through purposive expert sampling to guarantee the inclusion of individuals with substantial professional backgrounds. The panel consisted of cybersecurity professionals, system engineers, and emergency digital forensic responders, typically possessing between 8 and 15 years of relevant experience.

Participation criteria required demonstrable expertise in cybersecurity or digital forensics, prior involvement in related projects, and willingness to engage in systematic pairwise comparison activities. Each expert independently completed the pairwise comparison matrices for all defined criteria and sub-criteria using triangular fuzzy numbers and standardized fuzzy rating scales, thereby minimizing collective bias. A structured Fuzzy-AHP worksheet was provided to maintain consistency across responses. Experts also contributed quantitative scoring inputs as outlined in [33,34,35]. The final dataset therefore comprised expert-validated fuzzy judgments, aggregated criteria weights, and performance assessments of various renewable energy service models.

Using the collective insights of these specialists and applying Equations (1)–(7), the methodology produced an ordered ranking of the most significant frameworks. AHP calculations were carried out using Super Decisions v3.2, while fuzzy computations were implemented to ensure methodological precision and reproducibility. A hierarchical representation of the evaluated frameworks—including the proposed framework—is illustrated in Figure 4.

Figure 4 illustrates the hierarchical structure used for evaluating and ranking the proposed framework. The fuzzy comparison metrics, meticulously generated and aggregated, form the basis of this evaluation. This research involved testing five distinct frameworks, including the proposed framework, identified as follows: Khubrani & Alam [30] (Framework #1), Ghamri [31] (Framework #2), Rejeb et al. [37] (Framework #3), Albediwi & Sadaf [25] (Framework #4), and the Proposed Integrated Framework (Framework #5). Specialists assigned these frameworks their initial serial numbers for reference.

To assess the performance of the proposed framework and prioritize its components, authors employed a well-established hybrid multi-criteria decision-making methodology:

The AHP combined with fuzzy set theory, known as fuzzy-AHP. This methodology enabled us to determine the operational effectiveness of the proposed framework relative to the other characteristics. The fuzzy-AHP approach is renowned for producing precise, widely acknowledged, and validated results, and its efficacy has been empirically demonstrated. Through performance simulation, future researchers can identify the most effective framework for further studies. The prioritization mechanism was based on membership functions, accompanied by numerical assessments.

For the numerical evaluation,

Table 3. Triangular fuzzy numbers for expert 1.

	Framework #1	Framework #2	Framework #3	Framework #4	Framework #5
Framework #1	1.00000, 1.000000, 1.000000	2, 3, 4	5, 6, 7	3, 4, 5	1/4, 1/3, 1/2
Framework #2		1.00000, 1.000000, 1.000000	2, 3, 4	1/3, 1/2, 1	1/5, 1/4, 1/3
Framework #3			1.00000, 1.000000, 1.000000	1/4, 1/3, 1/2	1/6, 1/5, 1/4
Framework #4				1.00000, 1.000000, 1.000000	1/3, 1/2, 1
Framework #5					1.00000, 1.000000, 1.000000

presents the triangular fuzzy numbers for Expert 1 corresponding to each framework in the pairwise comparison matrix, derived using Equations (1)–(4) [31,38,39,40,41]. Similarly,

Table 4. Aggregated triangular fuzzy numbers for every specific framework.

	Framework #1	Framework #2	Framework #3	Framework #4	Framework #5
Framework #1	1.00000, 1.000000, 1.000000	0.152400, 0.812540, 1.145200	0.252400, 0.256300, 0.365300	1.112000, 1.525630, 1.936350	0.485650, 0.645650, 1.565250
Framework #2		1.00000, 1.000000, 1.000000	0.656300, 0.963650, 1.363520	0.256360, 0.355550, 0.525630	0.165630, 0.199650, 0.263650
Framework #3			1.000000, 1.000000, 1.000000	1.152110, 1.335620, 1.563520	0.315260, 0.445650, 0.815360
Framework #4				1.000000, 1.000000, 1.000000	0.232650, 0.278590, 0.423650
Framework #5					1.000000, 1.000000, 1.000000

shows the aggregated triangular fuzzy numbers for each specific framework across all experts. Once these pairwise fuzzy numbers were obtained, the values were defuzzified using the center of area method as defined in Equations (5) and (6).

Table 5. Defuzzified comparison matrix for expert 1.

	Framework #1	Framework #2	Framework #3	Framework #4	Framework #5
Framework #1	1.00000	3.00000	6.00000	4.00000	0.36100
Framework #2	0.33300	1.00000	3.00000	0.61100	0.26100
Framework #3	0.16700	0.33300	1.00000	0.36100	0.20500
Framework #4	0.25000	1.63600	2.77000	1.00000	0.61100
Framework #5	2.77000	3.83000	4.88000	1.63600	1.00000
CR = 0.02000

illustrates the defuzzified comparison matrix for Expert 1, while

Table 6. Aggregated defuzzified comparison matrix.

	Framework #1	Framework #2	Framework #3	Framework #4	Framework #5
Framework #1	1.00000	1.24525	1.65652	1.45286	0.95652
Framework #2	0.80305	1.00000	1.28695	0.68569	0.49562
Framework #3	0.60367	0.77703	1.00000	0.64565	0.66365
Framework #4	0.68829	1.45838	1.54883	1.00000	0.61632
Framework #5	1.04546	2.01767	1.50682	1.62252	1.00000
CR = 0.000563

provides the aggregated defuzzified comparison matrix obtained from the center of area method applied to the triangular fuzzy numbers. Finally, using Equation (7), the weights and final rankings of the frameworks were calculated and are presented in

Table 7. Final ranking.

S. No.	Frameworks	Weights	Percentage	Ranks
1	Framework #1	0.238991	23.90%	2
2	Framework #2	0.157809	15.78%	4
3	Framework #3	0.140853	14.09%	5
4	Framework #4	0.192445	19.24%	3
5	Framework #5	0.269902	26.99%	1

, with Figure 5 offering a graphical representation of these results.

Table 7 presents the final ranking of the five evaluated frameworks derived from the Fuzzy-AHP computation. The normalized weights and percentage share of each framework reflect their relative importance in strengthening renewable energy management system security and supporting digital forensic readiness.

The analysis shows that Framework #5 emerges as the most significant option, attaining the highest weight value of 0.269902 (26.99%), which positions it at Rank 1. Its dominance suggests that it aligns most closely with expert expectations regarding effectiveness, implement ability, and forensic applicability within renewable energy systems. This indicates that Framework #5 offers the most comprehensive balance of preventive controls, detection mechanisms, and forensic support capabilities.

Framework #1, with a weight of 0.238991 (23.90%), secures Rank 2, indicating strong performance but slightly lower priority compared to Framework #5. Experts appear to recognize its substantial contribution to system resilience, though some criteria may not be as robust as those in the top-ranked framework.

Framework #4 follows closely with a weight of 0.192445 (19.24%), placing it at Rank 3. Although not the highest performing, its intermediate score suggests that it provides a moderate level of cybersecurity and forensic preparedness but may lack some advanced or integrative features.

Further down the ranking, Framework #2 and Framework #3 receive weights of 0.157809 (15.78%) and 0.140853 (14.09%), respectively, placing them at Ranks 4 and 5. Their lower scores imply relatively limited applicability compared to the leading frameworks, possibly due to narrower functional scope, weaker forensic readiness, or reduced adaptability to the complexities of renewable energy systems.

The ranking outcomes reveal that experts strongly favor Framework #5, followed by Framework #1 and Framework #4, as the most promising solutions for safeguarding renewable energy infrastructures. The distribution of weights reflects a clear differentiation in perceived effectiveness, allowing researchers and practitioners to identify priority frameworks for future adoption, enhancement, or integration into hybrid cybersecurity strategies.

4.2. Validation

The comparison presented in

Table 8. Comparison between Fuzzy AHP, Fuzzy Weighted Method, and Classical AHP.

S. No.	Frameworks	Fuzzy AHP	Fuzzy Weighted Method	Classical AHP
1	Framework #1	0.238991	0.231214	0.231225
2	Framework #2	0.157809	0.151117	0.151221
3	Framework #3	0.140853	0.141352	0.141585
4	Framework #4	0.192445	0.191452	0.191635
5	Framework #5	0.269902	0.259475	0.259994

examines the priority values generated by three different multi-criteria decision-making techniques—Fuzzy AHP, the Fuzzy Weighted Method, and the Classical AHP—to evaluate five alternative security and digital forensic frameworks for renewable energy management systems [42,43]. This comparison was carried out to understand how each method handles expert uncertainty and to determine whether fuzzy-based approaches offer more reliable and discriminative evaluations than conventional crisp AHP. While Classical AHP relies on precise numerical judgments, Fuzzy AHP [36] and the Fuzzy Weighted Method incorporate fuzzy logic to accommodate the ambiguity that typically arises in cybersecurity-related assessments. By applying all three techniques to the same dataset, the study aimed to establish the robustness, stability, and reliability of the resulting framework rankings.

The results in Table 8 and Figure 6 show that all three methods produce highly consistent priority distributions for the five frameworks. Framework #5 consistently received the highest weight across all methods, indicating its strong alignment with critical evaluation criteria. In contrast, Framework #2 obtained the lowest values in each approach, suggesting comparatively weaker performance. The priority values for Frameworks #1, #3, and #4 fall within moderate ranges, with only minor numerical differences between the three methods. These outcomes confirm the internal consistency of expert judgments and validate the selection of criteria used in the decision hierarchy. The close agreement among the three techniques also demonstrates that the evaluation structure was methodologically sound.

A deeper analysis reveals that Fuzzy AHP produces slightly more differentiated weights compared to the other two methods (Fuzzy Weighted method and Classical AHP method). This indicates that the approach is more sensitive to variations in expert opinions, allowing it to capture subtle nuances in decision-making under conditions of uncertainty. The Fuzzy Weighted Method, on the other hand, offers modest adjustments relative to Classical AHP, showing that it provides an intermediate level of refinement without the full hierarchical modeling capabilities of Fuzzy AHP [44,45,46,47,48,49]. Because cybersecurity and digital forensics often involve subjective assessments, the ability of fuzzy-based models to absorb uncertainty becomes particularly valuable. The small numerical variations among the methods also reflect the reliability of the evaluation process, suggesting that the experts’ judgments were consistent and that the final rankings are stable. Overall, the findings confirm that Framework #5 stands out as the most effective alternative, while Framework #2 is the least favorable, and that fuzzy-enhanced approaches provide greater analytical depth for complex decision-making environments.

To evaluate the consistency of the prioritization outcomes generated by the three decision-making techniques—Fuzzy AHP, Fuzzy Weighted Method, and Classical AHP—Spearman’s rank-order correlation coefficient was applied. This non-parametric measure is particularly suitable for assessing agreement among ranking-based methodologies, as it determines the strength and direction of monotonic relationships between independent sets of ranks. Using the framework priority scores presented in Table 8, pairwise correlations were computed for all three method combinations. The results revealed an exceptionally high level of agreement: each pair of methods produced a correlation coefficient of ρ = 1.00 with a highly significant p-value (p < 0.001) [50]. These values indicate a perfect positive monotonic relationship, demonstrating that all three techniques yield identical rank-orderings of the evaluated frameworks.

The presence of perfect correlations across all comparisons highlights the robustness and stability of the prioritization process. Regardless of whether fuzzy-based or classical weighting approaches were used, the relative importance assigned to the five frameworks remained unchanged. Such uniformity underscores the methodological reliability of the analysis and confirms that the evaluation is not sensitive to the choice of MCDM technique. Consequently, the statistical validation reinforces the credibility of the proposed framework’s ranking position and supports the integrity of the overall decision-making process.

4.3. Comparison with Other Models

The proposed integrated model for digital forensics in the renewable energy system stands out as a comprehensive and proactive strategy to enhance cybersecurity and resilience, particularly against emerging cyber threats. This framework contrasts with other models in its methodical approach, involving interconnected steps like prevention, detection, containment, and recovery. The key advantage lies in its structured prevention and preparedness phase, focusing on risk assessment and incident response planning, which sets the stage for a robust cybersecurity posture.

In comparison, Khubrani and Alam’s [30] blockchain-based microgrid framework addresses renewable energy system challenges like transmission losses and centralized vulnerabilities by leveraging blockchain for peer-to-peer energy trading and secure, transparent operations. While effective for energy distribution and trust-building, it lacks the comprehensive cybersecurity focus and systematic approach to incident handling seen in the proposed digital forensics framework.

Ghamri’s [31] FIST Framework, aimed at optimizing education and employment data sharing, emphasizes trust and accuracy through formal modeling and rigorous validation. Though highly relevant to improving resource allocation and fostering economic growth, it primarily targets data integration trustworthiness rather than the multifaceted cybersecurity strategies of the proposed model in the renewable energy system.

Rejeb et al.’s [37] analysis on blockchain in renewable energy underscores its transformative potential in enhancing renewable energy efficiency and enabling decentralized trading. Their focus on academic discourse and bibliometric analysis highlights blockchain’s applications but lacks the proactive cybersecurity measures and detailed incident response protocols of the proposed digital forensics framework.

Finally, Albediwi and Sadaf’s [25] cybersecurity awareness framework aims to enhance national cybersecurity awareness through targeted training and education programs. While crucial for increasing public knowledge and reducing negligent behavior, this framework does not address the technical and procedural aspects of cybersecurity incident management, which are integral to the proposed digital forensics model.

Table 9. Comparative analysis of the frameworks.

S. No.	Criteria	Proposed Integrated Model	Khubrani & Alam [30]	Ghamri [31]	Rejeb et al. [37]	Albediwi & Sadaf [25]
1	Focus Area	Digital forensics, cybersecurity in renewable energy system	Blockchain-based microgrid for renewable energy management	Trust and accuracy in educational and employment data	Blockchain technology in renewable energy system	Cybersecurity awareness among general population
2	Primary Goal	Enhance cybersecurity and resilience in renewable energy systems	Ensure secure and reliable power generation and distribution	Optimize resource allocation and foster economic growth through accurate data sharing	Enhance renewable energy efficiency, enable decentralized trading, ensure transaction transparency	Increase cybersecurity awareness across all demographics
3	Key Components	Prevention, Detection, Containment, Recovery	Peer-to-peer energy trading, Renewable Energy Certificates, decentralized energy trading	Facilitating Conditions, IT Services, Secure Access, Trust and Accuracy (FIST)	Integration with smart grids, electric vehicle integration, sustainable urban energy systems	Training programs, incident response, addressing awareness in informal backgrounds
4	Advantages	Comprehensive, proactive approach; integrates risk assessment, IDS, forensic analysis, and continuous improvement	Decentralized management, addresses trust and cybersecurity challenges using blockchain	Emphasis on trust and accuracy, formal modeling for rigorous validation	Diverse applications in renewable energy systems, fills knowledge gap, comprehensive bibliometric analysis	National-level awareness, targets diverse demographics, includes incident response
5	Cybersecurity Approach	Proactive and reactive measures, systematic evidence collection, swift threat containment	Blockchain for enhanced security, smart contracts for transparency	Ensures data reliability and accuracy, formal validation techniques	Blockchain for transparency and security, decentralized management	Awareness programs, training, incident response
6	Application Context	Renewable energy infrastructures, critical infrastructure protection	Localized microgrids, renewable energy management	Educational and employment data integration	Renewable energy system, smart grids, electric vehicles	General population, educational institutions, organizations
7	Strengths	Holistic and adaptable, integrates multiple cybersecurity layers, continuous improvement loop	Utilizes blockchain for decentralized energy management, enhances trust and security	Focus on data accuracy and trust, adaptable to evolving threats, supports economic growth	Comprehensive analysis, broad thematic coverage, highlights blockchain’s transformative potential	Addresses widespread cybersecurity awareness, inclusive of all demographics

demonstrates the unique features and advantages of each framework, highlighting how the proposed integrated model stands out in terms of its comprehensive approach to enhancing cybersecurity and resilience in the renewable energy system. Further, the proposed integrated model for digital forensics in the renewable energy system offers several advantages over these frameworks. Its proactive, multi-phase approach to cybersecurity, encompassing prevention, detection, containment, and recovery, ensures a comprehensive defense mechanism. This robustness, combined with its detailed incident response and continuous improvement strategies, makes it exceptionally well-suited for safeguarding critical infrastructure in an increasingly digital and interconnected world.

5. Discussion

This paper aims to provide a comprehensive evaluation of the results and their implications for implementing a renewable energy management system based on the fuzzy AHP method, with a particular focus on evaluating cyberattacks in digital forensics [2,3,4,5,6,42,51,52,53,54]. The main results of the research demonstrate that the proposed framework outperforms traditional security assessment methods in terms of threat detection accuracy, response prioritization, and adaptability to evolving cyber risks. Specifically, the integration of digital forensics with Fuzzy AHP enables:

• More accurate prioritization of cyber threats under uncertain conditions
• Reduced response time through structured forensic readiness
• Improved adaptability to dynamic threat landscapes

For customers and clients—such as renewable energy operators, grid managers, and policymakers—the model provides a decision-support tool that supports informed cybersecurity investments, risk mitigation planning, and regulatory compliance. The framework helps stakeholders allocate resources efficiently, strengthen incident response strategies, and enhance trust in sustainable energy infrastructures.

By critically examining the benefits, limitations, and potential research directions, this discussion aims to provide a deeper understanding of the implications and future prospects of implementing a renewable energy management system based on fuzzy logic and AHP to address security concerns.

5.1. Results and Their Potential Impact

This research significantly contributes to highlighting the essential role of digital forensics in enabling effective incident response, evidence collection, and forensic analysis within renewable energy systems. Through detailed case studies and the application of fuzzy-based computational methods, the study provides a comprehensive framework for evaluating and prioritizing cybersecurity strategies. The use of fuzzy-AHP methodology, known for its precision in decision-making, further enhances the reliability of the proposed framework.

Key contributions of the study include:

• Conducted an in-depth analysis of prior studies to establish the contextual background for cybersecurity and renewable energy integration.
• Analyzed the existing cybersecurity posture of energy infrastructure, identifying gaps and vulnerabilities in the protection of critical assets.
• Highlighted the major cyber threats and attack vectors specific to renewable energy infrastructures such as smart grids and IoT-based systems.
• Summarized the critical issues—technical, organizational, and regulatory—that hinder effective cybersecurity implementation in renewable energy sectors.
• Proposed a novel integrated model combining cybersecurity measures, forensic capabilities, and decision-support tools to enhance energy system security.
• Conducted numerical analysis using Fuzzy AHP and benchmarking of five frameworks, where Framework #5 achieved the highest ranking with 26.99% weight, demonstrating superior performance.

From energy cost reductions and peak demand alleviation to improved energy efficiency and user comfort, the application of fuzzy-based smart energy management systems in the homes offers numerous advantages [55]. These systems not only support national and global sustainability goals but also promise significant economic and environmental benefits.

5.2. Limitations and Future Research

While the present study offers meaningful insights, certain limitations should be acknowledged. One primary constraint is the relatively small sample size of 37 industry and academic practitioners, which may restrict the generalizability of the findings. Although expert-driven evaluations provide depth and rigor, future studies involving a larger and more diverse pool of stakeholders could enhance the robustness and external validity of the proposed framework. Additionally, the case studies examined were confined to specific scenarios within the renewable energy sector, which may limit the applicability of the results across different regions, energy domains, or socio-economic contexts. Hence, further empirical validation and contextual adaptation are required to ensure broader relevance.

Another limitation arises from the computational and conceptual complexity of the fuzzy-AHP methodology. Despite its effectiveness in handling uncertainty and multi-criteria decision-making, its adoption may be challenging for practitioners who lack prior exposure to fuzzy logic or AHP-based techniques. The current framework also assumes relative stability in regulatory, geopolitical, and economic environments, whereas cybersecurity dynamics in the energy sector vary significantly across countries and regulatory regimes, potentially affecting the transferability of the findings.

To address these limitations, future research should explore advanced extensions of fuzzy logic, particularly neutrosophic logic, which is capable of modeling uncertainty, indeterminacy, and inconsistency more comprehensively than conventional fuzzy systems. The integration of neutrosophic-AHP or hybrid decision-making models could provide deeper insights into ambiguous and incomplete information environments commonly encountered in smart and renewable energy systems.

Furthermore, future investigations may focus on developing comprehensive cybersecurity and digital forensics frameworks tailored for intelligent renewable energy management. Additional research directions include the seamless integration of diverse renewable energy sources, real-time pricing mechanisms, and demand response systems. These avenues have the potential to significantly enhance the effectiveness, adaptability, and resilience of intelligent energy management systems, thereby supporting secure grid operations, optimal energy utilization, and long-term environmental sustainability [51,52,53,56].

6. Conclusions

The integration of digital forensics has emerged as a crucial strategy for ensuring robust cybersecurity in the increasingly interconnected and digitalized world of renewable energy systems. Through an in-depth exploration of this intersection, these findings highlight the critical role that digital forensics plays in securing the complex network of interconnected systems powering renewable energy infrastructure. This research sheds light on the current state of digital forensics in renewable energy systems, identifying inherent vulnerabilities ranging from potential cyber threats to weaknesses in existing forensic methodologies.

The results demonstrate that proposed framework 5 of cyber threat and digital forensics provide complete package, i.e., Prevention, Detection, Containment and Recovery for renewable energy-based infrastructure. Also, the comparison analysis using Fuzzy AHP provide the betterment of the proposed framework form other methods. Framework #5 emerges as the most significant option, attaining the highest weight value of 0.269902 (26.99%), which positions it at Rank 1. Although there are still certain drawbacks in the implementation of Fuzzy AHP, like the requirement for more extensive case validation and methodological simplification, the suggested framework offers a useful starting point for developing national and international renewable energy security policies.

In the end, strengthening renewable energy systems with strong cybersecurity and forensic measures is not only a technical requirement but also a strategic imperative for attaining sustainability, dependability, and national security in a world that is becoming more and more digital.