**1. Introduction**

The sustainable flow of energy, or in other words, energy security, in the field of electrical supply systems, does not always rely on the physical availability of resources. Today's technical challenges are extended to include the constant equilibration of demand–supply systems in terms of electricity quality and cyber security.

Upgrading the electrical network has not been as dynamic as it should be. With technology being implemented in almost every area of modern life and smart applications growing in scope and complexity, the power sector is moving towards the smart grid at an extremely cautious pace.

The bidirectional flow of power and information, generated and monitored by highly advanced equipment and mechanisms, characterizes the new generation of energy networks. Smart grids are expected to deliver tangible progress to our conventional power systems in both efficiency and reliability, together with integrating the maximum share of renewable resources, reinforced by distributed intelligence and demand-side management techniques [1,2].

These changes will give consumers and prosumers a wider range of choices and the possibility to actively participate in optimizing the operation of the system, by providing them with detailed instructions on how to better use their supply and act as authorized partners.

Smart grid benefits can also be extended to enrich the coupled economic sector through reducing operational costs and losses, generating new job opportunities, and reformulating the face of the energy market with time-based pricing and a more accurate speculation of demand and response profiles [3], at a time when electricity price forecasts have become a fundamental input and an important tool for the decision-making mechanisms of energy service provider companies.

Yet the complexity level of the actual power networks and the critical role that they play in every domain form a double-edged challenge, especially when the introduced technologies might themselves be the source of threat.

New types of communication and data-management systems must not only handle the different emerging media trends and smart equipment (e.g., computer-based or microprocessor-based), but also cope with existing legacy systems [4] in a manner that is adjustable to scalability and, above all, resistant to cyber intrusion [5]. To this end, smart grids have to come as a complementary solution and not an eliminating or excluding one. These technical uncertainties, plus the additional investment costs, have evoked the political reluctance practiced by energy operators against this shift.

Europe has been working on energy transition and smart grids since 2005, starting by creating the smart grid technology platform, which set the year 2020 as a horizon to complete the process [2]. There were also several initiatives that carried out the development of experimental testbeds for smart grid solutions, which aimed to highlight the most critical challenges and potentials accompanying this evolution and their influence on the European power systems. Nevertheless, a further and more holistic analysis, one that is based on a profound technical understanding of each individual system architecture and includes the impact of both social and economic aspects on such heterogeneous systems, is yet to be accomplished in order to be able to trade off between the existing approaches and pilot experiences, choosing a unique and valid experience that is suitable to be scaled up and replicated [6].

On the other hand, a very promising approach to overcome the majority of the previous issues appears through energy communities, in which current grid problems are managed in a coordinated way that avoids costly network reinforcement while maintaining the aspired values of the smart grid. That is why we might be able to envisage the future smart grid as a sort of aggregation of multiple integrated entities or microgrids that are supervised, monitored, and controlled via a reliable communication-based layer. Accordingly, the increasing interest in microgrid development as the core of smart grid systems is completely justified [7], although the increasing interdependency between physical and nonphysical power system components, which forms the so-called cyber-physical systems, raises a whole new level of complications.

In this work, we closely examine the existing approaches to addressing cyber-physical security in power systems, with a focus on microgrids.

The paper is organized as follows: the second section describes the gradual evolution of the concept of the cyber threat, starting from the attacks targeting industrial control down to the electrical grid. The third section then elaborates on standardized definitions and terminology choices for the contemporary problematic challenges. In section four, we move on to the actual issues and case studies that occupy the researchers' attention from different viewpoints. Finally, we conclude by providing some insights about the unsettled challenges in addition to realistic recommendations in the light of the presented argument.

#### **2. Industrial Cybersecurity Incidents Emergence**

The 21st century witnessed the initiation of various cyber incidents affecting sensitive infrastructures. The discovered complexity of cyber-attacks on Industrial Control Systems (ICS) revealed the dexterity level of the attackers in Industrial Con [8].

The smart grid internet interconnection subjects the grid to different forms of hazards, particularly with regard to Advanced Persistent Threats (APT), Distributed-Denial-of-Service (DDoS), botnets, and zero-days. Stuxnet, Duqu, Red October, or Black Energy are only a few examples of the advent mayhems touching industrial security since 2010 [3].

Stuxnet, the worm that caused the first reported cyber-physical incident, was discovered by a senior researcher at Kaspersky Lab, Roel Schouwenberg, in June 2010. With a purpose that was beyond stealing, erasing or modifying data, Stuxnet endeavored to cause material sabotage in the supervisory control and data acquisition (SCADA) system as a physical industrial control system. It was regarded as the first cyber-warfare weapon to encompass a complex piece of malware that has infected an estimated 50,000 to 100,000 computers mostly found in Iran, Indonesia, India, and Azerbaijan [9].

Duqu and Flame, two other worms aimed at industrial control systems, were observed more than a year after Stuxnet. Despite the similarities in source code with Stuxnet, they had different objectives. Duqu was designed to track and gather useful information that would help to compromise the opted industrial control set. Flame, or Flamer, was a more sophisticated malware, especially developed for cyber espionage on these networks. Spotted cases were mainly located in Iran and other countries of the Middle East [10].

In December 2015, a cyber attack on Ukraine's power system caused a wide-area outage, affecting around 225,000 customers. The attack was associated with a new variant of the Black Energy Trojan named Disakil [3]. According to reports issued by power companies, the SANS Institute and the Electricity Information Sharing and Analysis Center (E-ISAC), the problem started several months before the actual attack with the installation of the malware through phishing emails. During this period, the hackers only monitored and collected valuable information about the system operation, in what is usually called the reconnaissance phase. On the day of the incident, the attackers took control over the Human–Machine Interface (HMI) and cut the power by opening a certain number of breakers. In order to impede service restoration, a denial of service (DoS) attack on the communication network, in addition to the classic telephone lines, was employed to prevent the clients from reporting the problem. Even applications that determined the outage extent were blocked by the malware, which was able to recognize the system software [11,12].

One year earlier, the same threat agents were identified by the Industrial Control Systems Computer Emergency Response Team (ICS-CERT) during an attempt to penetrate the U.S. electric sector. Although the attack, in this case, never happened, it definitely drew attention to the future potential of cyber threats to a sector of utmost vitality [9].

#### **3. Definitions and Overview**
