This paper presents a comprehensive survey of existing cyber security solutions for fog-based smart grid SCADA systems. We start by providing an overview of the architecture and the concept of fog-based smart grid SCADA systems and its main components. According to security requirements and vulnerabilities, we provide a classification of these solutions into four categories, including authentication solutions, privacy-preserving solutions, key management systems, and intrusion detection systems. For each category, we describe the essence of the methods and provide a classification with respect to security requirements. Therefore, according to the machine learning methods used by the intrusion detection system (IDS), we classify the IDS solutions into nine categories, including deep learning-based IDS, artificial neural networks-based IDS, support vector machine-based IDS, decision tree-based IDS, rule-based IDS, Bloom filter-based IDS, random forest-based IDS, random subspace learning-based IDS, and deterministic finite automaton-based IDS. The informal and formal security analysis techniques used by the cyber security solutions are tabulated and summarized. In addition, we provide a taxonomy of attacks tackled by privacy-preserving and authentication solutions in the form of tables. Based on the present study, several proposals for challenges and research issues such as detecting false data injection attacks are discussed at the end of the paper. (C) 2020 Elsevier Ltd. All rights reserved.