Cybersecurity Certification Recommendations for Interconnected Grid Edge Devices and Inverter Based Resources

William Hupp, Danish Saleem, Jordan Peterson, Kenneth Boyce

Research output: NRELTechnical Report


Escalating deployment of PV and grid-edge devices on the distribution grid has increased the sustainability and efficiency of the electric grid. However, the increasing number of distributed energy resources (DERs) deployed creates a heightened cyber-physical interdependency on the distribution grid and thus creates more vectors for cyber-attacks to exploit through information and communication technology (ICT) systems and networks. For example, control signal packets can be modified, intercepted, or corrupted due to vulnerabilities in communication protocols used by microgrid controllers and grid edge devices for power control. Therefore, to mitigate and prevent cyber-attacks on grid edge devices and the inverter-based resources connected to the distribution grid, the U.S. Department of Solar Energy Technologies Office (SETO) awarded funding to the National Renewable Energy Laboratory and Sandia National Laboratory (SNL) to research, develop, and harmonize cybersecurity standards for Photovoltaic (PV) systems and for other kinds of DERs. To help develop a standard for DER cybersecurity, NREL established certification recommendations and test cases , in consensus with the solar industry and UL, for ensuring intrinsic design security for DERs. These recommendations were developed to bolster the cybersecure functionalities such as TLS, MAC, CRL, session resumption/renegotiation, and password, system, and service security management within the DER devices. The proposed test cases verify authentication, authorization, confidentiality, and data integrity for data and communications of DERs that use Transmission Control Protocol/Internet Protocol (TCP/IP). They were also developed to protect DER communications from eavesdropping, replay, man-in-the-middle, denial of service (DoS), spoofing through security certificates, least-privilege violation, and brute-force credentials. This report, which has been validated and reviewed by UL, expands upon those test cases to provide DER cybersecurity certification recommendations which increase DER resiliency and help to mitigate cyber-attacks. UL's collaboration with NREL and approval of this document will accelerate the adoption of a UL standard for DER cybersecurity.
Original languageAmerican English
Number of pages53
StatePublished - 2021

NREL Publication Number

  • NREL/TP-5R00-80581


  • certification
  • cybersecurity
  • DER
  • standard


Dive into the research topics of 'Cybersecurity Certification Recommendations for Interconnected Grid Edge Devices and Inverter Based Resources'. Together they form a unique fingerprint.

Cite this