Cybersecurity Standards for Distributed Energy Resources

Securing Solar for the Grid (S2G) is a collaborative effort among NREL, Idaho National Laboratory, Sandia National Laboratories, and Pacific Northwest National Laboratory focused on achieving the highest level of cybersecurity maturity of solar technologies. Convened by the U.S. Department of Energy Solar Energy Technologies Office and co-led by NREL, S2G is building consensus around device, network, application, and system-level cybersecurity requirements for solar photovoltaics. Through coordinated investigations and feedback from key industry stakeholders, the project team is promoting awareness of current cybersecurity practices and is supporting the development of a cybersecurity certification standard. S2G is also developing cybersecurity tools to understand stakeholders’ cybersecurity posture, risk assessments to inform investments, and device design security and maturity models for supply chain testing. For more information, watch this YouTube video of the August 2024 Solar Supply Chain Workshop.

S2G’s industry advisory board meets biannually to discuss project progress, emerging challenges, and recommendations. Stakeholders interested in joining S2G’s industry advisory board can contact Danish Saleem, Emma Stewart, or Marissa Morales-Rodriguez.

In alignment with the National Standards Strategy for Critical and Emerging Technology, NREL is leading an effort to harmonize DER cybersecurity requirements across various standards development organizations, to address gaps in cybersecurity certification standards, and to coordinate with industry stakeholders to plot a path for DER cybersecurity. This project is funded by the U.S. Department of Energy’s Grid Modernization Initiative and is in collaboration with Idaho National Laboratory, Sandia National Laboratories, Underwriters Laboratories, and SolarEdge.

Stakeholders interested in joining the project’s industry advisory board can contact Danish Saleem.

NREL co-led the IEEE 1547.3 working group as vice chair to update an important guide for DER cybersecurity: IEEE 1547.3 Guide for Cybersecurity of DERs Interconnected With Electric Power Systems. This guide, which is now published, provides security recommendations for DER stakeholders and clarify the broad requirements of cybersecurity, going beyond the guidelines covered in IEEE 1547-2018. The cybersecurity recommendations proposed in the IEEE 1547.3 guide inform the next revision of the IEEE 1547-2025 standard.

IEEE 1547-2018—the standard for the interconnection and interoperability of DERs with associated electric power systems interfaces—was published in 2018 and did not mandate cybersecurity requirements at the DER interface. NREL is coleading an effort to update the cybersecurity portion of the IEEE 1547-2025 standard revision. The working group for standards revision represents contributors across the energy sector and research institutions, including utilities, national laboratories, aggregators, vendors, manufacturers, cloud service providers, and system integrators.

In collaboration with Underwriters Laboratories, NREL co-led the development of the cybersecurity requirements for testing and certifying DERs before being deployed and while in the field. These requirements are undergoing consensus development. Once published, the Underwriters Laboratories 2941 cybersecurity certification standard will help establish the principle of security by design for the next generation of technologies by ensuring they follow the cybersecurity pillars of confidentiality, integrity, availability, authentication, and nonrepudiation. The certification will integrate knowledge from all current and in-development DER and IBR-related standards and apply to distributed generation and storage technologies.

Learn more about the steps involved in developing the Underwriter Laboratories 2941 cybersecurity standard and where we’re at in the process.