As increasing amounts of distributed energy resources (DERs) are introduced to the bulk power system, the electric grid is transforming. Compared to traditional centralized generation, DER systems result in complex, data-driven communications networks, requiring careful coordination of such systems—and constant vigilance to ensure the assets of our grid are secure.
Recognizing that, and with support from U.S. Department of Energy Federal Energy Management Program (FEMP), the National Renewable Energy Laboratory (NREL) developed the Distributed Energy Resources Cybersecurity Framework (DERCF). The DERCF is available as both a written guidePDF and a web-based application, and it is designed to help users pinpoint gaps in their distributed energy systems’ cybersecurity—based on unique facilities, personnel, and operational procedures. After providing a score, the tool also develops customized action plans for users to improve their organization’s security controls and practices.
“Our goal is to bring value to federal agencies and other organizations,” said Tami Reynolds, NREL project manager and principle investigator for the DERCF. “With the user-friendly interface, comprehensive scoring, and robust set of mitigations that the tool provides, we’re helping organizations avoid the potential of cyber-related costs from security gaps that might otherwise go unnoticed.”
The DERCF fills a critical gap and expands upon existing cybersecurity frameworks, including the U.S. Department of Energy’s Cybersecurity Capability Maturity Model, the National Institute of Standards and Technology’s cybersecurity framework, and other standards established by the U.S. Department of Homeland Security, the Department of Defense, and the International Electrotechnical Commission.
The development team behind the making of the tool hopes that the DERCF can help organizations get ahead of cyber adversaries, while transitioning to a more modern, distributed energy future.