Cybersecurity Risk Analysis for Decision Support

NREL's cybersecurity risk analysis capabilities for decision support provides policymakers and energy stakeholders with tools, expertise, and technical assistance to improve the cybersecurity of emerging systems inclusive of distributed energy resources.

Researchers discussing charts projected on a large screen.

Capabilities

Risk Assessments and Management

NREL has a variety of custom tools to help organizations assess and improve the cybersecurity posture of their distributed energy deployments and meet formal assurance requirements for compliance:

The Distributed Energy Resource Cybersecurity Framework is a web-based tool that evaluates a facility's distributed energy resource cybersecurity and makes customized recommendations that follow widely recognized cybersecurity best practices.

The Distributed Energy Resource Risk Manager is a free, user-friendly tool that helps organizations and federal facilities navigate and implement the National Institute of Standards and Technology Risk Management Framework.

The Cybersecurity Value-at-Risk Framework provides hydropower operators with complete and customized assessments of their cybersecurity risks and demonstrates how different investments will help improve overall resilience.

Technical Assistance

NREL works with energy sector stakeholders to support the secure and resilient deployment of renewable energy assets and address grid interconnection challenges. Through tailored technical assistance, we help organizations improve their cybersecurity posture by reviewing cybersecurity and risk management processes; identifying gaps in policies, controls, and procedures; generating prioritized risk mitigation recommendations; and recognizing organization-specific workforce and cybersecurity awareness needs.

Security Controls Validation

The Advanced Research on Integrated Energy Systems (ARIES) Cyber Range can replicate complex energy systems to evaluate vulnerabilities and potential threats.

With the help of NREL researchers, organizations can use the ARIES Cyber Range to test and validate their security controls; enable technical implementation changes that improve the security, efficiency, and reliability of their core mission; and improve organizational decision-making for procurement and third-party risk.

Technology Validation

We work with cybersecurity technology companies to validate and expedite novel solutions to market using the ARIES Cyber Range. With connections to more than 20 MW of energy system hardware, the cyber range offers a safe, emulated environment to test technologies against realistic adversary scenarios.

Sector Engagement

In addition to decision support, we collaborate with the U.S. Department of Energy (DOE), other national laboratories, federal agencies, and industry to identify opportunities to improve the security of the electric grid against all hazards. These efforts include convening consortiums and multisector stakeholder groups to advance cybersecurity standards and share best practices.

Projects

Report on Cybersecurity of Distribution Systems

NREL is leading the development of a report on the cybersecurity of distribution systems on behalf of the U.S. DOE Office of Cybersecurity, Energy Security, and Emergency Response.

Stock image of the North American continent with lines going across the image.

The Clean Energy Cybersecurity Accelerator convenes utilities and industry partners to identify urgent security gaps in the modern electric grid and accelerate novel cybersecurity solutions to market. Each cohort focuses on a different topic and goes through an accelerator period of 3–12 months, sharing ideas and threat intelligence before validating solutions in the ARIES Cyber Range.

The accelerator is sponsored by DOE's Office of Cybersecurity, Energy Security, and Emergency Response and is in collaboration with DOE's Office of Energy Efficiency and Renewable Energy.

NREL researchers designed the Power Sector Cybersecurity Building Blocks framework to help a range of stakeholders improve the cybersecurity of the electric grid. The building blocks bring together a variety of applicable cybersecurity guides, standards, and frameworks into one user-friendly resource to help international stakeholders prioritize investments. This framework was developed through the U.S. Agency for International Development–NREL partnership.

Collaborations

In partnership with other national laboratories and industry, NREL is leading the way to new cyber-inclusive standards and practices for renewable, distributed, and inverter-based energy resources. By securing a minimum level of performance for new devices, standards raise the baseline cybersecurity of our grid.

The Renewable Energy and Storage Cybersecurity Research project analyzes and seeks to address cybersecurity concerns for wind, solar, and energy storage systems. The project brings together experts from industry, federal entities, and national labs to create methodologies, architectures, and educational material that address cybersecurity for renewable energy sectors. By taking a holistic, systemwide approach, the project aims to build cyber-resilient renewable energy infrastructure through research, education, and collaboration. This project is funded by the U.S. Department of Energy Office of Cybersecurity, Energy Security, and Emergency Response and led by NREL.

Work With Us

Through training, workshops, and one-on-one support, we help energy stakeholders implement our tools and identify vulnerabilities in systems or practices. Learn more about how to work with us.

Contact

Tami Reynolds

Manager, Cyber Risk Optimization Group

tami.reynolds@nrel.gov
303-275-3887

Share