The digital transformation of electric power systems into smart grids has significantly expanded the cybersecurity risk landscape of the energy sector. While advanced sensing, communication, automation, and data-driven control improve efficiency, flexibility, and renewable energy integration, they also introduce complex cyber–physical interdependencies and new vulnerabilities across interconnected technical and organisational domains. This study adopts a scoping review methodology in accordance with PRISMA-ScR to systematically analyse smart grid cybersecurity from an architecture-aware and resilience-oriented perspective. Peer-reviewed scientific literature and authoritative institutional sources are synthesised to examine modern smart grid architectures, key security challenges, major cyberthreats, and documented real-world cyber incidents affecting energy infrastructure up to 2025. The review systematically links architectural characteristics such as field devices, communication networks, software platforms, data pipelines, and externally operated services to specific threat mechanisms and observed attack patterns, illustrating how cyber risk propagates across interconnected grid components. The findings show that cybersecurity challenges in smart grids arise not only from technical vulnerabilities but also from architectural dependencies, software supply chains, operational constraints, and cross-sector coupling. Based on the analysis of historical incidents and emerging research, the study identifies key defensive strategies, including zero-trust architectures, advanced monitoring and anomaly detection, secure software lifecycle management, digital twins for cyber–physical testing, and cyber-resilient grid design. The review concludes that cybersecurity in smart grids should be treated as a systemic and persistent condition, requiring resilience-oriented approaches that prioritise detection, containment, recovery, and safe operation under adverse conditions.
Jørgensen et al. studied this question.