Securing the Industrial Internet of Things

Download the Practice Guide

The NCCoE has released the draft version of NIST Cybersecurity Practice Guide SP 1800-32, Securing the Industrial Internet of Things: Cybersecurity for Distributed Energy Resources. Use the button below to view this publication in its entirety or scroll down for links to a specific section.

Download the PDF » Comment »

Current Status

The NCCoE released for public comment a draft of NIST SP 1800-32, Securing the Industrial Internet of Things: Cybersecurity for Distributed Energy Resources. Comments on this publication are being accepted now through October 20, 2021 and may be submitted using the online comment form

  • SP 1800-32A: Executive Summary (PDF)
  • SP 1800-32B: Approach, Architecture, and Security Characteristics (PDF)
  • SP 1800-32C: How-To Guides (PDF)

Or download the complete guide (PDF).

If you have questions or would like to join our Community of Interest, please email the project team at

Supplemental Resources

Flyer: Read the Securing Distributed Energy Resources one-page flyer to learn about the cybersecurity capabilities demonstrated in the project.

Fact Sheet: Read the two-page fact sheet for a brief overview of this project.

Video Overview: The NCCoE and our project collaborators presented a brief overview of the example solution detailed in NIST SP 1800-32 to the Sandia National Laboratory/SunSpec Alliance Distributed Energy Resources Working Group, followed by a question and answer session. 

Waterfall Industrial Security Podcast: Internet communications are creeping into electric distribution systems. The NCCoE's Jim McCarthy and Don Faatz join Waterfall's Andrew Ginter and Nate Nelson to talk about the cybersecurity challenges and opportunities for securing distributed energy resources. Listen now.


The Industrial Internet of Things (IIoT) refers to the application of instrumentation and connected sensors and other devices to machinery and vehicles in the transport, energy, and industrial sectors. In the energy sector, distributed energy resources (DERs), such as solar photovoltaics, introduce information exchanges between a utility’s distribution control system and the DERs to manage the flow of energy in the distribution grid. These information exchanges often employ IIoT technologies that may lack communications security.  Additionally, the operating characteristics of DERs are dynamic and significantly different from those of traditional power generation capabilities. Timely management of DER capabilities often requires a higher degree of automation. Introduction of additional automation into DER management and control systems can also introduce cybersecurity risks. Managing the automation, the increased need for information exchanges, and the cybersecurity associated with these presents significant challenges.

The National Cybersecurity Center of Excellence built a reference architecture using commercially available products to show organizations how several cybersecurity capabilities can be applied to protect distributed end points and reduce the IIoT attack surface for DERs.

Our goal in this project was to document an approach for improving the overall security of IIoT in a DER environment that addresses the following areas of interest:

  • The information exchanges between and among DER systems and distribution facilities/entities, and the cybersecurity considerations involved in these interactions. 
  • The processes and cybersecurity technologies needed for trusted device identification and communication with other devices.
  • The ability to provide malware prevention, detection, and mitigation in operating environments where information exchanges are occurring. 
  • The mechanisms that can be used for ensuring the integrity of command and operational data and the components that produce and receive this data.  
  • Data-driven cybersecurity analytics to help owners and operators securely perform necessary tasks.

Collaborating Vendors

Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a Cooperative Research and Development Agreement to collaborate with NIST in a consortium to build this example solution.

Radiflow logo
TDI Technologies logo