Search Results (226)

The digital transformation of electric power systems into smart grids has significantly expanded the cybersecurity risk landscape of the energy sector. While advanced sensing, communication, automation, and data-driven control improve efficiency, flexibility, and renewable energy integration, they also introduce complex cyber–physical interdependencies and new vulnerabilities across interconnected technical and organisational domains. This study adopts a scoping review methodology in accordance with PRISMA-ScR to systematically analyse smart grid cybersecurity from an architecture-aware and resilience-oriented perspective. Peer-reviewed scientific literature and authoritative institutional sources are synthesised to examine modern smart grid architectures, key security challenges, major cyberthreats, and documented real-world cyber incidents affecting energy infrastructure up to 2025. The review systematically links architectural characteristics such as field devices, communication networks, software platforms, data pipelines, and externally operated services to specific threat mechanisms and observed attack patterns, illustrating how cyber risk propagates across interconnected grid components. The findings show that cybersecurity challenges in smart grids arise not only from technical vulnerabilities but also from architectural dependencies, software supply chains, operational constraints, and cross-sector coupling. Based on the analysis of historical incidents and emerging research, the study identifies key defensive strategies, including zero-trust architectures, advanced monitoring and anomaly detection, secure software lifecycle management, digital twins for cyber–physical testing, and cyber-resilient grid design. The review concludes that cybersecurity in smart grids should be treated as a systemic and persistent condition, requiring resilience-oriented approaches that prioritise detection, containment, recovery, and safe operation under adverse conditions. Full article

With the acceleration of digital transformation, open-source software has become a fundamental component of modern smart grids and other critical infrastructures. However, the complex dependency structures of open-source ecosystems and the continuous emergence of vulnerabilities pose substantial challenges to software supply chain security. In power information networks and cyber–physical control systems, vulnerabilities in open-source components integrated into Supervisory Control and Data Acquisition (SCADA), Energy Management System (EMS), and Distribution Management System (DMS) platforms and distributed energy controllers may propagate along the supply chain, threatening system security and operational stability. In such application scenarios, large language models (LLMs) often suffer from limited semantic accuracy when handling domain-specific security terminology, as well as deployment inefficiencies that hinder their practical adoption in critical infrastructure environments. To address these issues, this paper proposes KD-SecBERT, a domain-specific semantic bidirectional encoder optimized through multi-level knowledge distillation for open-source software supply chain security in smart grid applications. The proposed framework constructs a hierarchical multi-teacher ensemble that integrates general language understanding, cybersecurity-domain knowledge, and code semantic analysis, together with a lightweight student architecture based on depthwise separable convolutions and multi-head self-attention. In addition, a dynamic, multi-dimensional distillation strategy is introduced to jointly perform layer-wise representation alignment, ensemble knowledge fusion, and task-oriented optimization under a progressive curriculum learning scheme. Extensive experiments conducted on a multi-source dataset comprising National Vulnerability Database (NVD) and Common Vulnerabilities and Exposures (CVE) entries, security-related GitHub code, and Open Web Application Security Project (OWASP) test cases show that KD-SecBERT achieves an accuracy of 91.3%, a recall of 90.6%, and an F1-score of 89.2% on vulnerability classification tasks, indicating strong robustness in recognizing both common and low-frequency security semantics. These results demonstrate that KD-SecBERT provides an effective and practical solution for semantic analysis and software supply chain risk assessment in smart grids and other critical-infrastructure environments. Full article

The increasing digitization of critical infrastructure and the increasing use of Industrial Internet of Things (IIoT) systems are leading to a significant increase in the exposure of operating systems to cyber threats. The integration of information (IT) and operational (OT) layers, characteristic of today’s industrial environments, results in an increase in the complexity of system architecture and the number of security events that require ongoing analysis. Under such conditions, classic approaches to monitoring and responding to incidents prove insufficient, especially in the context of systems with high reliability and business continuity requirements. The aim of this article is to analyze the possibilities of using Large Language Models (LLMs) in the protection of industrial IoT systems operating in critical infrastructure. The paper analyzes the architecture of industrial automation systems and identifies classes of cyber threat scenarios characteristic of IIoT environments, including availability disruptions, degradation of system operation, manipulation of process data, and supply-chain-based attacks. On this basis, the potential roles of large language models in security monitoring processes are examined, particularly with respect to incident interpretation, correlation of heterogeneous data sources, and contextual analysis under operational constraints. The experimental evaluation demonstrates that, when compared to a rule-based baseline, the LLM-based approach provides consistently improved classification of incident impact and attack vectors across IT, DMZ, and OT segments, while maintaining a low rate of unsupported responses. These results indicate that large language models can complement existing industrial IoT security mechanisms by enhancing context-aware analysis and decision support rather than replacing established detection and monitoring systems. Full article

Industrial Control Systems (ICS) are fundamental to the operation, monitoring, and automation of critical infrastructure in sectors such as energy, water utilities, manufacturing, transportation, and oil and gas. According to the Purdue Model, ICS encompasses tightly coupled OT and IT layers, becoming increasingly interconnected. Smart grids represent a critical class of ICS; thus, this survey examines encryption and relevant protocols in smart grid communications, with findings extendable to other ICS. Encryption techniques implemented at both the protocol and network layers are among the most effective cybersecurity strategies for protecting communications in increasingly interconnected ICS environments. This paper provides a comprehensive survey of encryption practices within the smart grid as the primary ICS application domain, focusing on protocol-level solutions (e.g., DNP3, IEC 60870-5-104, IEC 61850, ICCP/TASE.2, Modbus, OPC UA, and MQTT) and network-level mechanisms (e.g., VPNs, IPsec, and MACsec). We evaluate these technologies in terms of security, performance, and deployability in legacy and heterogeneous systems that include renewable energy resources. Key implementation challenges are explored, including real-time operational constraints, cryptographic key management, interoperability across platforms, and alignment with NERC CIP, IEC 62351, and IEC 62443. The survey highlights emerging trends such as lightweight Transport Layer Security (TLS) for constrained devices, post-quantum cryptography, and Zero Trust architectures. Our goal is to provide a practical resource for building resilient smart grid security frameworks, with takeaways that generalize to other ICS. Full article

Low-altitude logistics (LAL), supported by unmanned aerial vehicles (UAVs) and emerging urban air mobility operations within the low-altitude airspace (typically <1000 m), is rapidly reshaping last-mile distribution and time-critical delivery. However, LAL systems remain vulnerable to compound disruptions spanning weather, infrastructure, governance, and cybersecurity. Using a PRISMA-guided protocol, this systematic review synthesizes 1600 peer-reviewed studies published from 2020 to 2025 and combines bibliometric mapping (VOSviewer) with qualitative content analysis to consolidate the knowledge base on low-altitude logistics resilience (LALR). We conceptualize LALR via four coupled pillars, including robustness, adaptability, recoverability, and redundancy. The synthesize evidence across key vulnerability domains consists of platform reliability, communication and infrastructure readiness, regulatory fragmentation, cyber exposure, and weather-driven operational uncertainty. Building on the synthesis, we propose a Technology–Policy–Ecosystem roadmap that links (i) AI-enabled autonomy and risk-aware planning, (ii) adaptive governance tools such as regulatory sandboxes and dynamic airspace/UTM management, and (iii) ecosystem-level interventions, notably public–private partnerships and equity-oriented service design for underserved areas. We further outline a research agenda centered on measurable resilience metrics, activate redundancy design, climate-adaptive UAV operations, and digital-twin-enabled orchestration for scalable and sustainable LAL ecosystems. Full article

This article develops a hybrid neural network method for detecting UDP flooding in critical infrastructure microgrid protection systems. This method combines sequential statistics (CUSUM) and a multimodal convolutional 1D-CNN architecture with a composite scoring criterion. Input features are generated using packet-aggregated one-minute vectors with metrics for packet count, average size, source entropy, and HHI concentration index, as well as compact sketches of top sources. To ensure forensically relevant incident recording, a greedy artefact selection policy based on the knapsack problem with a limited forensic buffer is implemented. The developed method is theoretically justified using a likelihood ratio criterion and adaptive threshold tuning, which ensures control over the false alarm probability. Experimental validation on traffic datasets demonstrated high efficiency, with an overall accuracy of 98.7%, a sensitivity of 97.4%, an average model inference time of 5.3 ms (2.5 times faster than its LSTM counterpart), a controlled FPR of 0.96%, and a reduction in asymptotic detection latency with an increase in intensity from 35 to 12 s. Moreover, with a storage budget of 10 MB, 28 priority bins were selected (their total size was 7.39 MB), ensuring the approximate preservation of 85% of the most informative packets for subsequent examination. This research contribution involves the creation of a ready-to-deploy, resource-efficient detector with low latency, explainable statistical layers, and a built-in mechanism for generating a standardized evidence package to facilitate rapid law enforcement response. Full article

This study critically examines the technological feasibility, regulatory challenges, and societal acceptance of Pilotless Passenger Aircraft (PPAs) in commercial aviation. A mixed-methods design integrated quantitative passenger surveys (n = 312) and qualitative pilot interviews (n = 15), analyzed using SPSS and NVivo to capture both statistical and thematic perspectives. Results show moderate public awareness (58%) but limited willingness to fly (23%), driven by safety (72%), cybersecurity (64%), and human judgement (60%) concerns. Among pilots, 93% agreed automation improves safety, yet 80% opposed removing human pilots entirely, underscoring reliance on human adaptability in emergencies. Both groups identified regulatory assurance, demonstrable reliability, and human oversight as prerequisites for acceptance. Technologically, this paper synthesizes advances in AI-driven flight management, multi-sensor navigation, and high-integrity control systems, including Airbus’s ATTOL and NASA’s ICAROUS, demonstrating that pilotless flight is technically viable but has yet to achieve the airline-grade reliability target of 10⁻⁹ failures per flight hour. Regulatory analysis of FAA, EASA, and ICAO frameworks reveals maturing but fragmented approaches to certifying learning-enabled systems. Ethical and economic evaluations indicate unresolved accountability, job displacement, and liability issues, with potential 10–15% operational cost savings offset by certification, cybersecurity, and infrastructure expenditures. Integrated findings confirm that PPAs represent a socio-technical challenge rather than a purely engineering problem. This study recommends a phased implementation roadmap: (1) initial deployment in cargo and low-risk missions to accumulate safety data; (2) hybrid human–AI flight models combining automation with continuous human supervision; and (3) harmonized international certification standards enabling eventual passenger operations. Policy implications emphasize explainable-AI integration, workforce reskilling, and transparent public engagement to bridge the trust gap. This study concludes that pilotless aviation will not eliminate the human element but redefine it, achieving autonomy through partnership between human judgement and machine precision to sustain aviation’s uncompromising safety culture. Full article

The electric power grid constitutes a foundational pillar of modern critical infrastructure (CI), underpinning societal functionality and global economic stability. Yet, the increasing convergence of Information Technology (IT) and Operational Technology (OT), particularly through the integration of Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS), has amplified the sector’s exposure to sophisticated cyber threats. This study conducts a comparative analysis of five major cyber incidents targeting electric power systems: the 2015 and 2016 Ukrainian power grid disruptions, the 2022 Industroyer2 event, the 2010 Stuxnet attack, and the 2012 Shamoon incident. Each case is examined with respect to its objectives, methodologies, operational impacts, and mitigation efforts. Building on these analyses, the research evaluates the extent to which such attacks could have been prevented or mitigated through the systematic adoption of leading cybersecurity maturity frameworks. The NIST Cybersecurity Framework (CSF) 2.0, the ENISA NIS2 Directive Risk Management Measures, the U.S. Department of Energy’s Cybersecurity Capability Maturity Model (C2M2), and the Cybersecurity Risk Foundation (CRF) Maturity Model alongside complementary technical standards such as NIST SP 800-82 and IEC 62443 have been thoroughly examined. The findings suggest that a proactive, layered defense architecture grounded in the principles of these frameworks could have significantly reduced both the likelihood and the operational impact of the reviewed incidents. Moreover, the paper identifies critical gaps in the existing maturity models, particularly in their ability to capture hybrid, cross-domain, and human-centric threat dynamics. The study concludes by proposing directions for evolving from compliance-driven to resilience-oriented cybersecurity ecosystems, offering actionable recommendations for policymakers and power system operators to strengthen the cyber-physical resilience of electric generation and distribution infrastructures worldwide. Full article

The security and integrity of election systems represent fundamental pillars of democratic governance in the 21st century. As electoral processes increasingly rely on networked technologies and digital infrastructures, the vulnerability of these systems to cyber threats has become a paramount concern for election officials, cybersecurity experts, and policymakers worldwide. This paper presents the first comprehensive synthesis and systematic analysis of vulnerabilities across major U.S. election systems, integrating findings from government assessments, security research, and documented incidents into a unified analytical framework. We compile and categorize previously fragmented vulnerability data from multiple vendors, federal advisories (CISA, EAC), and security assessments to construct a holistic view of the election security landscape. Our novel contribution includes (1) the first cross-vendor vulnerability taxonomy for election systems, (2) a quantitative risk assessment framework specifically designed for election infrastructure, (3) systematic mapping of threat actor capabilities against election system components, and (4) the first proposal for honeynet deployment in election security contexts. Through analysis of over 200 authoritative sources, we identify critical security gaps in federal guidelines, quantify risks in networked election components, and reveal systemic vulnerabilities that only emerge through comprehensive cross-system analysis. Our findings demonstrate that interconnected vulnerabilities create risk-amplification factors of 2-5x compared to isolated component analysis, highlighting the urgent need for comprehensive federal cybersecurity standards, improved network segmentation, and enhanced monitoring capabilities to protect democratic processes. Full article

Wireless Sensor Networks (WSNs) are increasingly being used in mission-critical infrastructures. In such applications, they are evaluated on the risk of cyber intrusions that can target the already constrained resources. Traditionally, Intrusion Detection Systems (IDS) in WSNs have been based on machine learning techniques; however, these models fail to capture the nonlinear, temporal, and topological dependencies across the network nodes. As a result, they often suffer degradation in detection accuracy and exhibit poor adaptability against evolving threats. To overcome these limitations, this study introduces a hybrid deep learning-based IDS that integrates multi-scale convolutional feature extraction, dual-stage attention fusion, and graph convolutional reasoning. Moreover, bidirectional long short-term memory components are embedded into the unified framework. Through this combination, the proposed architecture effectively captures the hierarchical spatial–temporal correlations in the traffic patterns, thereby enabling precise discrimination between normal and attack behaviors across several intrusion classes. The model has been evaluated on a publicly available benchmarking dataset, and it has been found to attain higher classification capability in multiclass scenarios. Furthermore, the model outperforms conventional IDS-focused approaches. In addition, the proposed design aims to retain suitable computational efficiency, making it appropriate for edge and distributed deployments. Consequently, this makes it an effective solution for next-generation WSN cybersecurity. Overall, the findings emphasize that combining topology-aware learning with multi-branch attention mechanisms offers a balanced trade-off between interpretability, accuracy, and deployment efficiency for resource-constrained WSN environments. Full article

In the context of Industry 4.0, digital transformation is reshaping global energy systems. Among the key enabling technologies, Digital Twin (DT)—a dynamic, virtual replica of physical systems—has emerged as a critical tool for improving the performance, reliability, and safety of clean energy infrastructure. In line with the United Nations Sustainable Development Goals (SDGs)—particularly SDG 7 (Affordable and Clean Energy) and SDG 11 (Sustainable Cities and Communities)—the integration of DTs presents unprecedented opportunities to enhance operational efficiency and support proactive decision making. This state-of-the-art review, focused on studies published in 2020–2025, summarizes applications of DTs across the energy value chain, encompassing a broad spectrum of sectors—including solar, wind, hydropower, hydrogen, geothermal, bioenergy, nuclear, and tidal energy—and their critical role in building-to-grid integration. It synthesizes foundational concepts, assesses the evolution of the DT from a predictive tool to a system-level risk-management platform, and provides a critical analysis of its impact. Furthermore, this review discusses the key challenges hindering widespread adoption, including the critical need for interoperability across systems, ensuring the cybersecurity of socio-technical infrastructure, and addressing the complexities of the human-in-the-loop problem. Key research gaps are identified to guide future innovation. Ultimately, this study underscores the transformative potential of DTs as essential tools for accelerating the digital transformation of the energy sector, offering a robust framework for both methodological development and practical deployment. Full article

The rapid development of the Internet of Things (IoT), a network of interconnected devices and sensors, has improved operational efficiency, comfort, and sustainability in smart buildings. However, relying on interconnected systems also introduces cybersecurity vulnerabilities. For instance, attackers can exploit zero-day vulnerabilities (previously unknown security flaws), launch Distributed Denial of Service (DDoS) attacks (overwhelming network resources with traffic), or access sensitive Building Management Systems (BMS, centralized platforms for controlling building operations). By targeting critical assets such as Heating, Ventilation, and Air Conditioning (HVAC) systems, security cameras, and access control networks, they may compromise the safety and functionality of the entire building. To address these threats, this paper presents a cybersecure intelligent sensor framework to protect smart buildings from various IoT-related cyberattacks. The main component is an automated Intrusion Detection System (IDS, software that monitors network activity for suspicious actions), which uses machine learning algorithms to rapidly identify, classify, and respond to potential threats. Furthermore, the framework integrates intelligent sensor networks with AI-based analytics, enabling continuous monitoring of environmental and system data for behaviors that might indicate security breaches. By using predictive modeling (forecasting attacks based on prior data) and automated responses, the proposed system enhances resilience against attacks such as denial of service, unauthorized access, and data manipulation. Simulation and testing results show high detection rates, low false alarm frequencies, and fast response times, thereby supporting the cybersecurity of smart building infrastructures and minimizing downtime. Overall, the findings suggest that AI-enhanced cybersecurity systems offer promise for IoT-based smart building security. Full article

Industry 5.0 introduces a shift toward human-centric, sustainable, and resilient industrial ecosystems, emphasizing intelligent automation, collaboration, and adaptive operations. Predictive Maintenance (PdM) plays a critical role in this transition, addressing the limitations of traditional maintenance approaches in increasingly complex and data-driven environments. The convergence of Artificial Intelligence and the Industrial Internet of Things, referred to as the Artificial Intelligence of Things (AIoT), enables real-time sensing, learning, and decision-making for advanced fault detection, Remaining Useful Life estimation, and prescriptive maintenance actions. This study provides a systematic and structured review of AIoT-enabled PdM aligned with Industry 5.0 objectives. It presents a unified taxonomy integrating AI models, Industrial Internet of Things (IIoT) infrastructures, and AIoT architectures; reviews AI-driven techniques, sector-specific implementations in manufacturing, transportation, and energy; and analyzes emerging paradigms such as Edge–Cloud collaboration, federated learning, self-supervised learning, and digital twins for autonomous and privacy-preserving maintenance. Furthermore, this paper synthesizes strengths, limitations, and cross-industry challenges, and outlines future research directions centered on explainability, data quality and heterogeneity, resource-constrained intelligence, cybersecurity, and human–AI collaboration. By bridging technological advancements with Industry 5.0 principles, this review contributes a comprehensive foundation for the development of scalable, trustworthy, and next-generation AIoT-based predictive maintenance systems. Full article

Intrusion detection systems (IDSs) must operate under severe class imbalance, evolving attack behavior, and the need for calibrated decisions that integrate smoothly with security operations. We propose a human-in-the-loop IDS that combines a convolutional neural network and a long short-term memory network (CNN–LSTM) classifier with a variational autoencoder (VAE)-seeded conditional Wasserstein generative adversarial network with gradient penalty (cWGAN-GP) augmentation and entropy-based abstention. Minority classes are reinforced offline via conditional generative adversarial (GAN) sampling, whereas high-entropy predictions are escalated for analysts and are incorporated into a curated retraining set. On CIC-IDS2017, the resulting framework delivered well-calibrated binary performance (ACC = 98.0%, DR = 96.6%, precision = 92.1%, F1 = 94.3%; baseline ECE ≈ 0.04, Brier ≈ 0.11) and substantially improved minority recall (e.g., Infiltration from 0% to >80%, Web Attack–XSS +25 pp, and DoS Slowhttptest +15 pp, for an overall +11 pp macro-recall gain). The deployed model remained lightweight (~42 MB, <10 ms per batch; ≈32 k flows/s on RTX-3050 Ti), and only approximately 1% of the flows were routed for human review. Extensive evaluation, including ROC/PR sweeps, reliability diagrams, cross-domain tests on CIC-IoT2023, and FGSM/PGD adversarial stress, highlights both the strengths and remaining limitations, notably residual errors on rare web attacks and limited IoT transfer. Overall, the framework provides a practical, calibrated, and extensible machine learning (ML) tier for modern IDS deployment and motivates future research on domain alignment and adversarial defense. Full article

The integration of connected vehicles into smart city infrastructure introduces critical cybersecurity challenges for the Internet of Vehicles (IoV), where resource-constrained vehicles and powerful roadside units (RSUs) must collaborate for secure communication. We propose H-RT-IDPS, a hierarchical real-time intrusion detection and prevention system targeting two high-priority IoV security pillars: availability (traffic overload) and integrity/authenticity (spoofing), with spoofing evaluated across multiple subclasses (GAS, RPM, SPEED, and steering wheel). In the offline phase, deep learning and hybrid models were benchmarked on the vehicular CAN bus dataset CICIoV2024, with the BiLSTM-XGBoost hybrid chosen for its balance between accuracy and inference speed. Real-time deployment uses a TinyML-distilled CNN on vehicles for ultra-lightweight, low-latency detection, while RSU-level BiLSTM-XGBoost performs a deeper temporal analysis. A Kafka–Spark Streaming pipeline supports localized classification, prevention, and dashboard-based monitoring. In baseline, stealth, and coordinated modes, the evaluation achieved accuracy, precision, recall, and F1-scores all above 97%. The mean end-to-end inference latency was 148.67 ms, and the resource usage was stable. The framework remains robust in both high-traffic and low-frequency attack scenarios, enhancing operator situational awareness through real-time visualizations. These results demonstrate a scalable, explainable, and operator-focused IDPS well suited for securing SC-IoV deployments against evolving threats. Full article