Steadily energy systems are going to be linked with web technologies, information, communication, and automation technologies. The connectivity aims to employ maximum benefit of the Industrial Internet of Things in the energy sector and accelerate the transition to clean energy systems. However, the continuous integration intensifies the complexities surrounding protection of critical infrastructures against cyber-physical attackers concerning both operational and monetary issues associated with electricity market operations. The diverse nature of cyber-physical attacks attributed to the different domains in energy systems drives security researchers to pursue a robust categorization of attacks depended on the attack surface on energy systems. However, most of the attack categorization found in the literature lack the flexibility or multidimensional categorisation. In this paper, a multidimensional taxonomy of security threats in energy systems is proposed for enhanced flexibility. Moreover, other taxonomies found in the literature are also examined according to our criteria.