Guide to the Distributed Energy Resources Cybersecurity Framework

Guide to the Distributed Energy Resources Cybersecurity FrameworkCharisa Powell, Konrad Hauck, Anuj Sanghvi, Adarsh Hasandka, Joshua Van Natta, and Tami Reynolds

Publisher National Renewable Energy Laboratory

Overview: In May 2018, the U.S. Department of Energy (DOE) released its Cybersecurity Strategy (DOE 2018), a multiyear plan specifically regarding cybersecurity in the energy sector. The framework outlined in this report aligns with strategies identified in the DOE cybersecurity strategy to deliver cybersecurity solutions and continually improve cybersecurity posture. Researchers from federal facilities and industry can now make use of this framework, the Distributed Energy Resources Cybersecurity Framework (DERCF), through a web-based application. The application presents users with questions regarding their organization’s security controls, practices pertaining to the use of such controls, and application to distributed energy resources (DERs) in the following categories:

  • Cyber governance
  • Cyber-physical technical management
  • Physical security of DER devices.

DERs contribute to increased connectivity within energy systems and their components, thus increasing the attack surface that a threat actor can target. A standardized procedure to assess DER cybersecurity falls behind the rapid pace of DER adoption. The DERCF web application will draw from users’ responses to generate a score that gauges the current state of DER cybersecurity in organizations and prioritizes recommended action items to help improve an organization’s security controls and practices.

Download