Securing the Industrial Internet of Things

Download the Practice Guide

The NCCoE has released the preliminary draft version of NIST Cybersecurity Practice Guide SP 1800-32, Securing the Industrial Internet of Things: Cybersecurity for Distributed Energy Resources. Use the buttons below to view Volumes A and B or to comment. Work continues on Volume C of this practice guide.

Access Guide » Comment »

Current Status

The NCCoE released for public comment a preliminary draft of Volumes A and B of NIST SP 1800-32, Securing the Industrial Internet of Things: Cybersecurity for Distributed Energy Resources. Implementation of the example solution at the NCCoE is ongoing. We are providing this preliminary draft to gather valuable feedback and inform stakeholders of the progress of the project. The project team in now reviewing all feedback received during the public comment period.

  • SP 1800-32A: Executive Summary (PDF)
  • SP 1800-32B: Approach, Architecture, and Security Characteristics (PDF)
  • SP 1800-32C: How-To Guides (under development)

If you have questions or would like to join our Community of Interest, please email the project team at

Supplemental Resources

Flyer: Read the Securing Distributed Energy Resources one-page flyer to learn about the cybersecurity capabilities demonstrated in the project.

Fact Sheet: Read the two-page fact sheet for a brief overview of this project.

Video Overview: The NCCoE and our project collaborators presented a brief overview of the example solution detailed in NIST SP 1800-32 to the Sandia National Laboratory/SunSpec Alliance Distributed Energy Resources Working Group, followed by a question and answer session. 

Waterfall Industrial Security Podcast: Internet communications are creeping into electric distribution systems. The NCCoE's Jim McCarthy and Don Faatz join Waterfall's Andrew Ginter and Nate Nelson to talk about the cybersecurity challenges and opportunities for securing distributed energy resources. Listen now.


The Industrial Internet of Things, or IIoT, refers to the application of instrumentation and connected sensors and other devices to machinery and vehicles in the transport, energy, and industrial sectors. In the energy sector, distributed energy resources (DERs), such as solar photovoltaics and wind turbines, introduce information exchanges between a utility’s distribution control system and the DERs to manage the flow of energy in the distribution grid. These information exchanges often employ IIoT technologies that may lack communications security.  Additionally, the operating characteristics of DERs are dynamic and significantly different from those of traditional power generation capabilities. Timely management of DER capabilities often requires a higher degree of automation. Introduction of additional automation into DER management and control systems can also introduce cybersecurity risks. Managing the automation, the increased need for information exchanges, and the cybersecurity associated with these presents significant challenges.

The National Cybersecurity Center of Excellence (NCCoE) is proposing a project that will focus on helping energy companies secure IIoT information exchanges of DERs in their operating environments. As an increasing number of DERs are connected to the grid there is a need to examine the potential cybersecurity concerns that may arise from these interconnections.  

Our goal in this project is to document an approach for improving the overall security of IIoT in a DER environment that will address the following areas of interest:

  • The information exchanges between and among DER systems and distribution facilities/entities, and the cybersecurity considerations involved in these interactions. 
  • The processes and cybersecurity technologies needed for trusted device identification and communication with other devices.
  • The ability to provide malware prevention, detection, and mitigation in operating environments where information exchanges are occurring. 
  • The mechanisms that can be used for ensuring the integrity of command and operational data and the components that produce and receive this data.  
  • Data-driven cybersecurity analytics to help owners and operators securely perform necessary tasks.

Collaborating Vendors

Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a Cooperative Research and Development Agreement to collaborate with NIST in a consortium to build this example solution.

Radiflow logo
TDI Technologies logo