- Why should utilities prioritize DER cybersecurity?
- What technology and integration are at risk across DER and utility networks?
- How does the updated IEEE standard 1547-2018 affect cybersecurity for DER?
- What strategies are emerging to secure DER on the grid against cyberattacks?
- What are best practices for securing DER?
Strategic Priorities Drive Cybersecurity for Distributed Energy Resources
New global distributed energy resources (DER) deployment capacities—including distributed generation (DG), distributed energy storage, plug-in EV chargers, demand response (DR), and energy efficiency—are expected to continue to exceed the deployment of new centralized generation capacity growth. Unfortunately, without government regulation or widespread demand signaling from customers, cybersecurity is often an afterthought for rapidly scaling and distributed technologies. Utilities and owners and operators of DER should prioritize cybersecurity best practices and controls for DER to ensure safety, reliability, and resiliency for electricity generation and distribution.
Security vulnerabilities and concerns are routinely reported to DER vendors. The smarter and more integrated DER installations become, the more impactful cyber intrusions and events that compromise and manipulate DER systems are likely to be. Many states’ electricity governing bodies have adopted the updated IEEE Standard 1547-2018, which takes effect in January 2022. Its previous version did not regulate communications protocols beyond connection status and real and reactive power output monitoring of DER. The updated regulation is meant to coordinate technical requirements, capabilities, and functions for the increasing number of DER installations. Unfortunately, cybersecurity was considered to be out of scope for the standard.
This Guidehouse Insights report covers DER deployments as an expanding attack surface, with cyberattacks becoming increasingly common across the energy industry. The report discusses the updated IEEE Standard 1547-2018 and provides recommendations for industry stakeholders.
- DER hardware and software vendors
- Electric utilities
- Utility OEMs
- Electric utility industry associations
- OT cybersecurity vendors
- Investor community
DER Deployments Expanding the Cyberattack Surface
Cyberattacks Increasing Across the Energy Industry
Governing Bodies Adopting IEEE 1547-2018
Cybersecurity Needs to Be More than an Afterthought
Prioritize DER Cyber Risks
Develop More Robust Orchestration Systems
Promote Industry-Led Initiatives for Securing DER
Pursue More Robust PKI
Plan and Prepare for Incidents
- Cumulative DER Capacity by Technology, World Markets: 2021-2030
- New Energy Cloud Landscape
- New Cybersecurity Concepts Are Needed to Secure DER