Market Transformation and Planning Support
NREL's cybersecurity market transformation and planning support provides policymakers and energy stakeholders with tools, expertise, and technical assistance to improve the cybersecurity of emerging systems inclusive of distributed energy resources.
Capabilities
Risk Assessments and Management
NREL has a variety of custom tools to help organizations assess and improve the cybersecurity posture of their distributed energy deployments and meet formal assurance requirements for compliance:
The Distributed Energy Resource Cybersecurity Framework is a web-based tool that evaluates a facility's distributed energy resource cybersecurity and makes customized recommendations that follow widely recognized cybersecurity best practices.
The Distributed Energy Resource Risk Manager is a free, user-friendly tool that helps organizations and federal facilities navigate and implement the National Institute of Standards and Technology Risk Management Framework.
The Cybersecurity Value-at-Risk Framework provides hydropower operators with complete and customized assessments of their cybersecurity risks and demonstrates how different investments will help improve overall resilience.
Technical Assistance
NREL works with energy sector stakeholders to support the secure and resilient deployment of renewable energy assets and address grid interconnection challenges. Through tailored technical assistance, we help organizations improve their cybersecurity posture by reviewing cybersecurity and risk management processes; identifying gaps in policies, controls, and procedures; generating prioritized risk mitigation recommendations; and recognizing organization-specific workforce and cybersecurity awareness needs.
Security Controls Validation
The Advanced Research on Integrated Energy Systems (ARIES) Cyber Range can replicate entire energy systems to evaluate vulnerabilities and potential threats.
With the help of NREL researchers, organizations can use the ARIES Cyber Range to test and validate their security controls; enable technical implementation changes that improve the security, efficiency, and reliability of their core mission; and improve organizational decision-making for procurement and third-party risk.
Technology Validation
We work with cybersecurity technology companies to validate and expedite novel solutions to market using the ARIES Cyber Range. With connections to more than 20 MW of energy system hardware, the cyber range offers a safe, emulated environment to test technologies against realistic adversary scenarios.
Sector Engagement
In addition to decision support, we collaborate with the U.S. Department of Energy (DOE), other national laboratories, federal agencies, and industry to identify opportunities to improve the security of the electric grid against all hazards. These efforts include convening consortiums and multisector stakeholder groups to advance cybersecurity standards and share best practices.
Projects
Report on Cybersecurity of Distribution Systems
NREL is leading the development of a report on the cybersecurity of distribution systems on behalf of the U.S. DOE Office of Cybersecurity, Energy Security, and Emergency Response.
The Clean Energy Cybersecurity Accelerator convenes utilities and industry partners to identify urgent security gaps in the modern electric grid and accelerate novel cybersecurity solutions to market. Each cohort focuses on a different topic and goes through an accelerator period of 3–12 months, sharing ideas and threat intelligence before validating solutions in the ARIES Cyber Range.
The accelerator is sponsored by DOE's Office of Cybersecurity, Energy Security, and Emergency Response and is in collaboration with DOE's Office of Energy Efficiency and Renewable Energy.
NREL's Cyber100 Compass framework allows system planners to understand the risks associated with adding high levels of distributed energy resources to a system and how various security controls will impact those risks. This project is in partnership with Sandia National Laboratories and is sponsored by DOE's Office of Cybersecurity, Energy Security, and Emergency Response and DOE's Office of Electricity.
NREL researchers designed the Power Sector Cybersecurity Building Blocks framework to help a range of stakeholders improve the cybersecurity of the electric grid. The building blocks bring together a variety of applicable cybersecurity guides, standards, and frameworks into one user-friendly resource to help international stakeholders prioritize investments. This framework was developed through the U.S. Agency for International Development–NREL partnership.
Collaborations
In partnership with other national laboratories and industry, NREL is leading the way to new cyber-inclusive standards and practices for renewable, distributed, and inverter-based energy resources. By securing a minimum level of performance for new devices, standards raise the baseline cybersecurity of our grid.
Expanding on the national Wind Cybersecurity Consortium, the Hybrid Renewables Cybersecurity Consortium convenes key stakeholders from the wind, solar, and storage industries to support the secure development of hybrid energy systems through collaborative analysis, development, and information sharing. The consortium includes NREL, Idaho National Laboratory, and six wind industry and two solar industry organizations and is sponsored by DOE's Office of Cybersecurity, Energy Security, and Emergency Response.
The Renewable Energy and Storage Cybersecurity Research project is a multilaboratory effort to analyze and address cybersecurity concerns for hybrid energy systems through research and development and by leveraging the feedback from members of the Hybrid Renewables Cybersecurity Consortium.
The project team is building solar and energy storage reference architectures and developing a cyber-resilient design framework. These efforts will enable the consortium to study the problems stakeholders are facing with their systems and test solutions.
Work With Us
Through training, workshops, and one-on-one support, we help energy stakeholders implement our tools and identify vulnerabilities in systems or practices. Learn more about how to work with us.
Contact
Share