Designing a zero-trust cybersecurity architecture for smart grid communication systems to safeguard critical energy infrastructure

The modernization of electricity grids through cloud computing has introduced unprecedented efficiency, scalability, and resilience to power delivery. However, it has also exposed critical infrastructure to new cyber threats. Nowhere is this duality more evident than in California, where utilities such as Southern California Edison (SCE) and regional operators like the California Independent System Operator (CAISO) are integrating cloud-native systems into smart grid operations. As these platforms interface with distributed energy resources, IoT-enabled metering, and edge analytics, traditional perimeter-based cybersecurity models are proving insufficient. This study proposes a Zero-Trust Penetration Architecture tailored for cloud-enabled smart grids, using California's energy infrastructure as a case example. The architecture incorporates identity-aware micro-segmentation, policy-based access controls, encrypted telemetry, and continuous authentication across cloud-OT boundaries. Through simulated attack scenarios involving ICS honeypots, cloud API vulnerability modeling, and telemetry breach analysis, the study quantifies improvements in breach containment, lateral threat resistance, and policy enforcement efficacy. Results demonstrate that zero-trust frameworks significantly reduce dwell time and unauthorized access spread in grid systems. The findings underscore the need for utilities—particularly those operating in high-risk, high-integration regions like California—to adopt ZTA-compliant security models in line with NIST 800-207 and evolving NERC-CIP standards.