NCCoE to Address Cybersecurity Challenges of Distributed Energy Resources

Eight Companies Invited to Demonstrate Practical, Standards-Based Cybersecurity for Distributed, Grid-Connected Assets

Anterix, BlackRidge Technology, Cisco, Radiflow, Spherical Analytics, Sumo Logic, TDi Technologies, and Xage Security have joined the National Cybersecurity Center of Excellence (NCCoE) as technology collaborators in the Securing the Industrial Internet of Things (IIoT): Cybersecurity for Distributed Energy Resources Project.*

In response to a call in the Federal Register, these companies submitted capabilities that aligned with desired solution characteristics listed in the project description and were invited to collaborate with the NCCOE. By signing a cooperative research and development agreement (see example), they will collaborate in a newly established consortium and contribute products and expertise to create a standards-based reference design for IIoT cybersecurity focused on data integrity.  

This collaboration will result in a publicly available National Institute of Standards and Technology (NIST) Cybersecurity Practice Guide (Special Publication 1800 series), which will document the reference design for securing IIoT in commercial- and/or utility-scale distributed energy resource (DER) environments and will include an example solution that uses existing, commercially available cybersecurity products.

The U.S. Power Grid is Moving Toward a Future Full of DERs

Use of DERs—such as wind and solar photovoltaics—is growing and transforming the traditional power grid. As the use of DERs expands, the distribution network is changing from a single-source radial network to a multisource grid of devices and systems. Proper management of these devices and their power flows is heavily dependent on digital communication and control across public communication networks. DER integration—driven by IIoT devices, data flow, and information management—poses a widening attack surface and growing cybersecurity challenge for the energy sector.

This NCCoE project will focus on helping energy companies secure IIoT information exchanges of DERs in their operating environments. The solution will use security controls that map to the NIST Cybersecurity Framework and industry standards and best practices. The project will result in a freely available NIST cybersecurity practice guide and document an approach for improving the overall security of IIoT in a DER environment. The project will address the following areas of interest:

  • the information exchanges between and among DER systems and distribution facilities/entities and the cybersecurity considerations involved in these interactions
  • the processes and cybersecurity technologies needed for trusted device identification and communication with other devices
  • the ability to provide malware prevention, detection, and mitigation in operating environments where information exchanges are occurring
  • the mechanisms that can be used for protecting both system and data transmission components 
  • data-driven cybersecurity analytics to help owners and operators securely perform necessary tasks

How to Participate

Interested parties are encouraged to engage with us through our project web page.

If you have additional comments or questions or would like to join the Community of Interest helping to guide this project and providing feedback, please email us at energy_nccoe@nist.gov.

 

*Certain commercial entities, equipment, products, or materials may be identified to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by NIST or NCCoE, nor is it intended to imply that the entities, equipment, products, or materials are necessarily the best available for the purpose.