Researchers in Moroco analyzed cybersecurity challenges in smart grids, highlighting AI-driven detection and defense strategies against threats like distributed denial-of-service, false data injection replay, and IoT-based attacks. They recommend multi-layered protections, real-time anomaly detection, secure IoT devices, and staff training to enhance resilience and safeguard power system operations.

Researchers at Morocco's Higher School of Technology, Moulay Ismail University, have conducted a comprehensive analysis of emerging cybersecurity challenges in power systems and detailed recent advances in detection and defense strategies.

Their work emphasizes the growing role of AI in enhancing control, protection, and resilience in modern smart grids. It also classifies cyber threats by origin, impact, and affected system layers to provide a structured understanding and reviews machine learning and optimization-based intrusion detection systems (IDSs) for power systems.

The researchers highlighted that renewable smart grids face diverse cyber threats that can disrupt operations and compromise data. Distributed denial-of-service (DDoS) attacks, for example, flood networks with traffic, blocking legitimate access and delaying control actions, while data integrity attacks manipulate sensor or control data, causing incorrect decisions or blackouts.

Additionally, replay attacks retransmit intercepted data to confuse the system, and false data injection attacks subtly alter real-time data to mimic normal operations while disrupting the grid. Covert attacks inject hidden signals that manipulate system behavior without detection, whereas IoT device-based attacks exploit vulnerabilities in meters or sensors to spread malware, steal data, or launch DoS attacks.

Finally, zero dynamics attacks leverage system models to generate hidden signals that leave output measurements unchanged but affect operations, posing sophisticated stealth threats to smart grid security.

Join us on Apr. 29 for pv magazine Webinar+ | Decoding the first massive cyberattack on Europe’s solar energy infrastructure – The Poland case and lessons learned

The researchers warned that while smart grids have improved energy efficiency and flexibility through advanced communication tools and distributed energy sources, they have also introduced new cyber vulnerabilities. Threats such as phishing, malware, denial-of-service (DoS) attacks, and false data injection (FDI) can disrupt operations, compromise data, and damage infrastructure.

They recommend implementing defense strategies that maintain confidentiality, integrity, and availability, while also incorporating authentication, authorization, privacy, and reliability. Machine learning and data-driven intrusion detection systems can help identify anomalies and detect FDI attacks in real time, particularly in smart grids and industrial control systems such as SCADA, which rely on accurate sensor measurements for state estimation.

The research team also encouraged energy asset owners and grid operators to adopt substation security measures and protocol vulnerability analyses to detect risks at the hardware and network levels. Blockchain, distributed ledgers, and Hilbert-Huang transform methods are highlighted as tools to further strengthen cybersecurity.

IoT devices, including sensors and smart meters, should be secured with strong authentication, safe boot procedures, frequent firmware updates, and standardized security across manufacturers. Sensitive grid data should be protected using techniques such as homomorphic encryption to maintain confidentiality during storage and transmission.

“A multi-tiered security approach that includes firewalls, intrusion detection systems, and network segmentation can enhance grid resilience. Extracting critical elements from vulnerable IoT devices and leveraging redundant control channels ensures operational continuity during attacks,” the researchers stated.

Machine learning and anomaly detection systems should be deployed to enable real-time identification of irregular activities, including FDI and malware propagation. Standardized protocols and rapid incident response measures should also support collaboration among grid operators, IoT manufacturers, and regulators, facilitated by information-sharing platforms.

The researchers emphasize that human-centered attacks, including phishing and social engineering, remain significant threats, but these can be mitigated through regular staff and user training.

The review was presented in “Cybersecurity challenges and defense strategies for next-generation power systems,” published in Cyber-Physical Energy Systems.