Cybersecurity Standards for Distributed Energy Resources

NREL leads and supports multiple efforts to develop cybersecurity standards and consensus for distributed energy resources (DERs) and inverter-based resources.

Solar panels and wind turbines with plexus and connection dots

NREL's work involves participation in broad stakeholder committees to create universal guidelines across all applications of DER cybersecurity. NREL is helping lead a revision of IEEE Standard 1547.3, the guidance for cybersecurity of DERs that interface with the power system, as well as steering a certification standard alongside Underwriters Laboratories Inc. (UL) for the next generation of DER hardware. Such standards development will promote wider awareness around the current state of cybersecurity standards and deliver a well-tested reference for DER cybersecurity across the industry.


NREL is leading an IEEE 1547.3 working group to update an important guide for DER cybersecurity: "IEEE 1547.3 Guide for Cybersecurity of DERs Interconnected With Electric Power Systems." The working group is revising 1547.3 to provide necessary and optional recommendations in the form of a guide for DER interconnections. The updated cybersecurity guide will clarify the broad requirements of cybersecurity, going beyond guidelines covered in IEEE 1547-2018 that relate just to the DER interface. This is the standard's first revision and will take the form of a guide to manage ongoing revisions and provide up-to-date security recommendations for DER stakeholders. The working group represents contributors across the energy sector and research institutions including utilities, national laboratories, aggregators, vendors, manufacturers, cloud service providers, and system integrators.

NREL and UL are developing a single unified approach for testing and certifying DERs and inverter-based resources in advance of deployment. This cybersecurity certification standard will help establish the principle of security by design for the next generation of technologies by ensuring they follow cybersecurity pillars of confidentiality, integrity, availability, authentication, and nonrepudiation. NREL is providing the research environment and expertise for device testing, which will inform the standard's development, overseen by UL. The certification will apply to both distributed generation and storage technologies and will integrate knowledge from all current and in-development DER and inverter-based resource-related standards.

A team of six Department of Energy national laboratories is coordinating cybersecurity standards development and adoption across industry, state and federal regulators, standards development organizations; certification laboratories; and research institutions. Convened by the Solar Energy Technologies Office and led by NREL, this committee will build consensus around DER and inverter-based resource device, network, application, and system-level cybersecurity requirements. Through summits, webinars, white papers, coordinated investigations, and feedback from key industry stakeholders, the committee is working to promote awareness around the current state of cybersecurity recommended practices, support a cybersecurity certification standard that could be a reference across industry, and potentially carry that work forward into a U.S. consensus standard.


Cybersecurity Advisory Team for State Solar

The Cybersecurity Advisory Team for State Solar project is an effort funded by the Solar Energy Technologies Office to identify model solar-cybersecurity programs and actions at the state level that enhance security of solar deployments. Led by the National Association of Regulatory Utility Commissioners (NARUC) and the National Association of State Energy Officials (NASEO), the advisory team is providing tools, access, and technical assistance to states, utilities, and the solar industry to develop cooperative cybersecurity strategies. Input from the effort will mitigate critical cyber risks of a fast-growing industry, including solar infrastructure, communications, and interconnection. NREL is supporting the effort with subject matter expertise.

SunSpec/Sandia Distributed Energy Resource Cybersecurity Work Group

SunSpec and Sandia National Laboratories are hosting a working group to advance the state of the art in DER cybersecurity. As cybersecurity is a dynamic topic, especially so for the evolving solar industry, this working group convenes experts and research institutions to stay apprised of cybersecurity developments, define best practices and guidance in particular DER cybersecurity areas, and disseminate knowledge to utilities and other organizations. NREL is lending technical support, including contributions to a DER certification procedure that helped influence the new UL cybersecurity certification standard.


Cybersecurity Certification Standard for Distributed Energy and Inverter-Based Resources, NREL Presentation to NASEO/NARUC Cybersecurity Advisory Team for State Solar (2022)

Cybersecurity Certification Recommendations for Interconnected Grid Edge Devices and Inverter-Based Resources, NREL Technical Report (2021)

Cybersecurity of DER Systems: Cybersecurity Training for State Commissions, NARUC Cybersecurity Training Events for State Regulatory Commissioners (2021)

Certification Procedures for Data and Communications Security of Distributed Energy Resources, NREL Technical Report (2019)

Recommended Functionalities for Improving Cybersecurity of Distributed Energy Resources, NREL Resilience Week (2019)

A Survey of Protocol-Level Challenges and Solutions for Distributed Energy Resource Cyber-Physical Security, Energies (2018)


Danish Saleem

Senior Cybersecurity Researcher and Project Lead, Energy, Security, and Resilience Center