Strategic Priorities Drive Cybersecurity for Distributed Energy Resources

New global distributed energy resources (DER) deployment capacities—including distributed generation (DG), distributed energy storage, plug-in EV chargers, demand response (DR), and energy efficiency—are expected to continue to exceed the deployment of new centralized generation capacity growth. Unfortunately, without government regulation or widespread demand signaling from customers, cybersecurity is often an afterthought for rapidly scaling and distributed technologies. Utilities and owners and operators of DER should prioritize cybersecurity best practices and controls for DER to ensure safety, reliability, and resiliency for electricity generation and distribution.

Security vulnerabilities and concerns are routinely reported to DER vendors. The smarter and more integrated DER installations become, the more impactful cyber intrusions and events that compromise and manipulate DER systems are likely to be. Many states’ electricity governing bodies have adopted the updated IEEE Standard 1547-2018, which takes effect in January 2022. Its previous version did not regulate communications protocols beyond connection status and real and reactive power output monitoring of DER. The updated regulation is meant to coordinate technical requirements, capabilities, and functions for the increasing number of DER installations. Unfortunately, cybersecurity was considered to be out of scope for the standard.

This Guidehouse Insights report covers DER deployments as an expanding attack surface, with cyberattacks becoming increasingly common across the energy industry. The report discusses the updated IEEE Standard 1547-2018 and provides recommendations for industry stakeholders.