Local energy markets (LEMs) face significant cybersecurity risks—including market manipulation, privacy leakage, and threats to distribution grid stability—due to their reliance on smart grid communication standards and inherently vulnerable IoT devices. This study is the first to systematically map LEM communication flows onto standardized frameworks (IEC 61850/62351), integrating protocol-level analysis, privacy-preserving market modeling, and multi-scenario network attack-defense simulations. Quantitatively, it demonstrates how adversaries can distort pricing mechanisms and demand response by tampering with metering data or injecting false signals. The work identifies three critical vulnerability classes and their propagation pathways, empirically confirming that market signals are systematically manipulable. Based on these findings, it proposes a layered defense strategy tailored for operators, end-users, and regulators—providing both theoretical foundations and empirical evidence to guide secure LEM architecture design.

Local Energy Markets (LEMs), though pivotal to the energy transition, face growing cybersecurity threats due to their reliance on smart grid communication standards and vulnerable Internet-of-Things (IoT)-enabled devices. This is a critical issue because such vulnerabilities can be exploited to manipulate market operations, compromise participants' privacy, and destabilize power distribution networks. This work maps LEM communication flows to existing standards, highlights potential impacts of key identified vulnerabilities, and simulates cyberattack scenarios on a privacy-preserving LEM model to assess their impacts. Findings reveal how attackers could distort pricing and demand patterns. We finally present recommendations for researchers, industry developers, policymakers, and LEM stakeholders to secure future LEM deployments.