Securing Distributed Energy Resources

Industrial Internet of Things (IIoT) devices at the grid edge are increasing rapidly and transforming the power grid. Their connectivity, the conduit through which they can become vulnerable, is an emerging cyber threat to the distribution grid.

Cybersecurity guidance to help energy companies protect IIoT data integrity and communications

Distribution grid operators must protect the digital communication, data, and control of cyber-physical grid-edge devices. The NCCoE collaborated with stakeholders in the electricity sector, the University of Maryland, and cybersecurity technology vendors to build a laboratory environment that represents a distribution utility interconnected with a campus distributed energy resource (DER) microgrid. Using this environment, we explored how information exchanges between commercial- and utility-scale DERs and the electric distribution grid can be monitored, trusted, and protected.
Status: Finalized Guidance

Project Abstract

Protecting IIoT devices at the grid edge is arguably one of the more difficult tasks in cybersecurity. There is a wide variety of devices, many of which are deployed and operate in a highly specific manner.

In the energy sector, DERs such as solar photovoltaics introduce information exchanges between a utility’s distribution control system and the DERs to manage the flow of energy in the distribution grid. These information exchanges often use IIoT technologies that may lack communications security. Additionally, the operating characteristics of DERs are dynamic and significantly different from those of typical power generation capabilities. Timely management of DER capabilities often requires a higher degree of automation. Managing the automation, the increased need for information exchanges, and the cybersecurity associated with these presents significant challenges.

The NCCoE is building an example solution focused on helping energy companies secure IIoT information exchanges of DERs in their operating environment that demonstrates the following capabilities:

  • authentication and access control to ensure that only known, authorized systems can exchange information
  • communications and data integrity to ensure that information is not modified in transit
  • malware detection to monitor information exchanges and processing to identify potential malware infections
  • command register that maintains an independent, immutable record of information exchanges between distribution and DER operators
  • behavioral monitoring to detect deviations from operational norms
  • analysis and visualization processes to monitor data, identify anomalies, and alert operators

Read the project description

Protecting IIoT devices at the grid edge is arguably one of the more difficult tasks in cybersecurity.

Collaborating Vendors

Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a Cooperative Research and Development Agreement to collaborate with NIST in a consortium to build this example solution.

Supplemental Resources

The NCCoE and our project collaborators presented a brief overview of the example solution detailed in NIST SP 1800-32 to the Sandia National Laboratory/SunSpec Alliance Distributed Energy Resources Working Group, followed by a question and answer session in the video.

Additionally, the following resources are available:

Flyer: Read the Securing Distributed Energy Resources one-page flyer to learn about the cybersecurity capabilities demonstrated in the project.

Fact Sheet: Read the two-page fact sheet for a brief overview of this project.

Waterfall Industrial Security Podcast: Internet communications are creeping into electric distribution systems. The NCCoE's Jim McCarthy and Don Faatz join Waterfall's Andrew Ginter and Nate Nelson to talk about the cybersecurity challenges and opportunities for securing distributed energy resources. Listen now.

Metal arrow pointing upward

Join the Community of Interest

Employee speaking on video call with colleagues on online briefing with laptop at home

A Community of Interest (COI) is a group of professionals and advisors who share business insights, technical expertise, challenges, and perspectives to guide NCCoE projects. COIs often include experts, innovators, and everyday users of cybersecurity and privacy technologies. Share your expertise and consider becoming a member of this project's COI. 

Tell us about yourself

First & Last Name