Distributed Energy Resource Cybersecurity Framework Best Practices

Current cybersecurity challenges for distributed energy resources (DERs) stem from the integration of various systems and the cyber-physical security concerns they bring. Although frameworks exist for industrial control systems and other energy systems, a simple guided tool that can prioritize recommended actions for controls specific to DERs is lacking. Additionally, the novelty of the field has made it difficult to create a standardized procedure for DERs with cybersecurity in mind. In response to this critical need to address cybersecurity risk management, the National Renewable Energy Laboratory (NREL) has developed a framework and accompanying web application known as the Distributed Energy Resources Cybersecurity Framework (DERCF) (Powell, 2019). A brief overview of the DERCF can be found in Section 1.2. This document provides a guide to cybersecurity best practices identified by technical research and site visits where the framework was used to assess the cybersecurity posture of DER systems.