Gap Analysis of Supply Chain Cybersecurity for Distributed Energy Resources

A supply chain is the combination of the ecosystem of resources needed to design, manufacture, and distribute a product. In the context of supply chain cybersecurity, the resources that directly influence this ecosystem include software, data, and/or other digital components. Compromised equipment or software in the supply chain may lead to attacks such as financial loss; denial of service; a breach of confidential or proprietary information from a company, its customers, or its suppliers; ransomware that denies operation of automated equipment for payment; and malicious control actions that could damage equipment and endanger personnel. Currently 60.8% of US energy comes from fossil fuels, 18.9% comes from nuclear energy, and the last 20.1% comes from renewable sources. Federal Energy Regulatory Commission order FERC 2222 and Executive Order 14017 on America's Supply Chains are important milestones for safely expanding generation from renewable energy and achieving the goal of a decarbonized U.S. energy sector by 2035. This report analyzes gaps and opportunities in the supply chain currently available to the renewable energy sector, to help stakeholders formulate a coordinated response.