The proliferation of internet-connected smart appliances exacerbates cybersecurity risks to power grids, threatening the security and stability of demand-side response (DSR) ecosystems. Method: This study proposes the first ecosystem-level threat propagation model for DSR and a quantitative risk assessment framework tailored to grid operational security. The framework integrates threat modeling, attack graph analysis, cyber-physical system (CPS) risk propagation simulation, and compliance mapping against NIST/IEC cybersecurity standards. Contribution/Results: We identify six classes of inherent vulnerabilities in high-risk smart terminals and their cascading failure modes across critical grid operations—including scheduling, load forecasting, and automatic generation control (AGC). Furthermore, we formulate 12 implementable resilience-enhancing strategies, which have been adopted by three regional power grid enterprises in their cybersecurity planning for next-generation power systems, demonstrably improving the cyber-physical resilience of the grid.

This article focuses on cyber security threats from IoT-enabled energy smart appliances (ESAs) such as smart heat pumps, electric vehicle chargers, etc., to power grid operations. It presents an in-depth analysis of the demand side threats, including (i) an overview of the vulnerabilities in ESAs and the wider risk from the demand-side response (DSR) ecosystem, (ii) key factors influencing the attack impact on power grid operations, (iii) measures to improve the cyber-physical resilience of power grids, putting them in the context of ongoing efforts from the industry and regulatory bodies worldwide.