Cybersecurity Standards for Distributed Energy Resources

NREL leads and supports multiple efforts to develop cybersecurity standards, recommendations, and best practices for distributed energy resources (DERs) and inverter-based resources (IBRs).

Solar panels and wind turbines with plexus and connection dots

Through participation in broad stakeholder committees, NREL is contributing to universal cybersecurity guideline efforts for DERs and IBRs. NREL’s aim is to promote wider awareness around the current state of cybersecurity standards and deliver a well-tested reference for DER cybersecurity across the industry.

Projects

Securing Solar for the Grid (S2G) is a collaborative effort among NREL, Idaho National Laboratory, Sandia National Laboratories, and Pacific Northwest National Laboratory focused on achieving the highest level of cybersecurity maturity of solar technologies. Convened by the U.S. Department of Energy Solar Energy Technologies Office and co-led by NREL, S2G is building consensus around device, network, application, and system-level cybersecurity requirements for solar photovoltaics. Through coordinated investigations and feedback from key industry stakeholders, the project team is promoting awareness of current cybersecurity practices and is supporting the development of a cybersecurity certification standard. S2G is also developing cybersecurity tools to understand stakeholders’ cybersecurity posture, risk assessments to inform investments, and device design security and maturity models for supply chain testing. For more information, watch this YouTube video of the August 2024 Solar Supply Chain Workshop.

S2G’s industry advisory board meets biannually to discuss project progress, emerging challenges, and recommendations. Stakeholders interested in joining S2G’s industry advisory board can contact Danish Saleem, Emma Stewart, or Marissa Morales-Rodriguez.

In alignment with the National Standards Strategy for Critical and Emerging Technology, NREL is leading an effort to harmonize DER cybersecurity requirements across various standards development organizations, to address gaps in cybersecurity certification standards, and to coordinate with industry stakeholders to plot a path for DER cybersecurity. This project is funded by the U.S. Department of Energy’s Grid Modernization Initiative and is in collaboration with Idaho National Laboratory, Sandia National Laboratories, Underwriters Laboratories, and SolarEdge.

Stakeholders interested in joining the project’s industry advisory board can contact Danish Saleem.

NREL co-led the IEEE 1547.3 working group as vice chair to update an important guide for DER cybersecurity: IEEE 1547.3 Guide for Cybersecurity of DERs Interconnected With Electric Power Systems. This guide, which is now published, provides security recommendations for DER stakeholders and clarify the broad requirements of cybersecurity, going beyond the guidelines covered in IEEE 1547-2018. The cybersecurity recommendations proposed in the IEEE 1547.3 guide inform the next revision of the IEEE 1547-2025 standard.

IEEE 1547-2018—the standard for the interconnection and interoperability of DERs with associated electric power systems interfaces—was published in 2018 and did not mandate cybersecurity requirements at the DER interface. NREL is coleading an effort to update the cybersecurity portion of the IEEE 1547-2025 standard revision. The working group for standards revision represents contributors across the energy sector and research institutions, including utilities, national laboratories, aggregators, vendors, manufacturers, cloud service providers, and system integrators.

In collaboration with Underwriters Laboratories, NREL co-led the development of the cybersecurity requirements for testing and certifying DERs before being deployed and while in the field. These requirements are undergoing consensus development. Once published, the Underwriters Laboratories 2941 cybersecurity certification standard will help establish the principle of security by design for the next generation of technologies by ensuring they follow the cybersecurity pillars of confidentiality, integrity, availability, authentication, and nonrepudiation. The certification will integrate knowledge from all current and in-development DER and IBR-related standards and apply to distributed generation and storage technologies.

Learn more about the steps involved in developing the Underwriter Laboratories 2941 cybersecurity standard and where we’re at in the process.

Collaborations

Cybersecurity Advisory Team for State Solar

The Cybersecurity Advisory Team for State Solar project is an effort funded by the U.S. Department of Energy Solar Energy Technologies Office to identify model solar-cybersecurity programs and actions at the state level that enhance the security of solar deployments. Led by the National Association of Regulatory Utility Commissioners and the National Association of State Energy Officials, the advisory team is providing tools, access, and technical assistance to states, utilities, and the solar industry to develop cooperative cybersecurity strategies. Input from the effort will mitigate critical cyber risks of a fast-growing industry, including solar infrastructure, communications, and interconnection. NREL is supporting the effort with subject matter expertise.

SunSpec/Sandia Distributed Energy Resource Cybersecurity Work Group

SunSpec and Sandia National Laboratories are hosting a working group to advance the state of the art in DER cybersecurity. Because cybersecurity is a dynamic topic, especially so for the evolving solar industry, this working group convenes experts and research institutions to stay apprised of cybersecurity developments, define best practices and guidance in particular DER cybersecurity areas, and disseminate knowledge to utilities and other organizations. NREL is lending technical support, including contributions to a DER certification procedure that helped influence the new Underwriters Laboratories cybersecurity certification standard.

Publications

Gap Analysis of Supply Chain Cybersecurity for Distributed Energy Resources, NREL Technical Report (2023)

Supply Chain Cybersecurity Recommendations for Solar Photovoltaics, NREL Technical Report (2023)

Cybersecurity Guidance for Distributed Energy Resource Management Systems, Securing Solar for the Grid Workshop (2023)

Cyber Security for Distributed Energy Resources and DER Aggregators, North American Electric Reliability Corporation White Paper (2022)

Cybersecurity Certification Standard for Distributed Energy and Inverter-Based Resources, NREL Presentation to NASEO/NARUC Cybersecurity Advisory Team for State Solar (2022)

Cybersecurity in Photovoltaic Plant Operations, NREL Technical Report (2021)

Cybersecurity Certification Recommendations for Interconnected Grid Edge Devices and Inverter-Based Resources, NREL Technical Report (2021)

Cybersecurity of Distributed Energy Resource Systems: Cybersecurity Training for State Commissions, NARUC Cybersecurity Training Events for State Regulatory Commissioners (2021)

Cyber Security Primer for DER Vendors Aggregators and Grid Operators, Sandia National Laboratory Technical Report (2017)

Engage With Us

Share your feedback, get involved, or ask questions about our DER cybersecurity and standards work by contacting Danish Saleem.

Contact

Danish Saleem

Senior Cybersecurity Engineer and Team Lead; Energy, Security, and Resilience Center

Danish.Saleem@nrel.gov
720-404-5912

Share