Cybersecurity Risk Analysis for Decision Support

NLR's cybersecurity risk analysis capabilities for decision support provides policymakers and energy stakeholders with tools, expertise, and technical assistance to improve the cybersecurity of emerging systems inclusive of distributed energy resources.

Researchers discussing charts projected on a large screen.

Capabilities

Risk Assessments and Management

NLR has a variety of custom tools to help organizations assess and improve the cybersecurity posture of their distributed energy deployments and meet formal assurance requirements for compliance:

The Distributed Energy Resource Cybersecurity Framework is a web-based tool that evaluates a facility's distributed energy resource cybersecurity and makes customized recommendations that follow widely recognized cybersecurity best practices.

The Distributed Energy Resource Risk Manager is a free, user-friendly tool that helps organizations and federal facilities navigate and implement the National Institute of Standards and Technology Risk Management Framework.

The Cybersecurity Value-at-Risk Framework provides hydropower operators with complete and customized assessments of their cybersecurity risks and demonstrates how different investments will help improve overall resilience.

Technical Assistance

NLR works with energy sector stakeholders to support the secure and resilient deployment of energy assets and address grid interconnection challenges. Through tailored technical assistance, we help organizations improve their cybersecurity posture by reviewing cybersecurity and risk management processes; identifying gaps in policies, controls, and procedures; generating prioritized risk mitigation recommendations; and recognizing organization-specific workforce and cybersecurity awareness needs.

Security Controls Validation

The Advanced Research on Integrated Energy Systems (ARIES) Cyber Range can replicate complex energy systems to evaluate vulnerabilities and potential threats.

With the help of NLR researchers, organizations can use the ARIES Cyber Range to test and validate their security controls; enable technical implementation changes that improve the security, efficiency, and reliability of their core mission; and improve organizational decision-making for procurement and third-party risk.

Technology Validation

We work with cybersecurity technology companies to validate and expedite novel solutions to market using the ARIES Cyber Range. With connections to more than 20 MW of energy system hardware, the cyber range offers a safe, emulated environment to test technologies against realistic adversary scenarios.

Sector Engagement

In addition to decision support, we collaborate with the U.S. Department of Energy (DOE), other national laboratories, federal agencies, and industry to identify opportunities to improve the security of the electric grid against compounding risks and hazards. These efforts include convening consortiums and multisector stakeholder groups to advance cybersecurity standards and share best practices.

Projects

Report on Cybersecurity of Distribution Systems

NLR is leading the development of a report on the cybersecurity of distribution systems on behalf of the U.S. DOE Office of Cybersecurity, Energy Security, and Emergency Response.

Stock image of the North American continent with lines going across the image.

The Critical Energy Cybersecurity Accelerator convenes utilities and industry partners to identify urgent security gaps in the modern electric grid and accelerate novel cybersecurity solutions to market. Each cohort focuses on a different topic and goes through an accelerator period of 3–12 months, sharing ideas and threat intelligence before validating solutions in the ARIES Cyber Range.

The accelerator is sponsored by DOE's Office of Cybersecurity, Energy Security, and Emergency Response.

NLR researchers designed the Power Sector Cybersecurity Building Blocks framework to help a range of stakeholders improve the cybersecurity of the electric grid. The building blocks bring together a variety of applicable cybersecurity guides, standards, and frameworks into one user-friendly resource to help international stakeholders prioritize investments. This framework was developed through the U.S. Agency for International Development–NLR partnership.

Collaborations

In partnership with other national laboratories and industry, NLR is leading the way to new cyber-inclusive standards and practices for renewable, distributed, and inverter-based energy resources. By securing a minimum level of performance for new devices, standards raise the baseline cybersecurity of our grid.

The Renewable Energy and Storage Cybersecurity Research project analyzes and seeks to address cybersecurity concerns for wind, solar, and energy storage systems. The project brings together experts from industry, federal entities, and national labs to create methodologies, architectures, and educational material that address cybersecurity for renewable energy sectors. By taking a holistic, systemwide approach, the project aims to build cyber-resilient renewable energy infrastructure through research, education, and collaboration. This project is funded by the U.S. Department of Energy Office of Cybersecurity, Energy Security, and Emergency Response and led by NLR.

Work With Us

Through training, workshops, and one-on-one support, we help energy stakeholders implement our tools and identify vulnerabilities in systems or practices. Learn more about how to work with us.

Contact

Tami Reynolds

Manager, Cyber Risk Optimization Group

[email protected]
303-275-3887

Share

Last Updated Dec. 6, 2025