Risk Assessment at the Edge: Applying NERC CIP to Aggregated Grid-Edge Resources

Dane Christensen, Maurice Martin, Erdenebat Gantumur, Brandon Mendrick

Research output: Contribution to journalArticlepeer-review

8 Scopus Citations


Distributed energy resources (DERs) promise to deliver benefits for both utilities and consumers by dynamically interoperating utility systems with customer-owned grid-edge technologies. These small energy-consuming devices are increasingly being aggregated for participation in grid markets, planning and operations. A cyber attack penetrating the control system of aggregated DERs could negatively impact the operation of the grid. In the worst case, the power grid could be severely damaged and physical safety compromised. In this paper we analyze cybersecurity risks associated with the aggregation of DERs and develop an approach to mitigating that risk. The approaches to both cyber risk analysis and mitigation were developed during a recent research project that serves as an example of how the approaches could be applied. However, both the risk analysis and mitigation are applicable to the broader domain of all DERs. An important conclusion is that the successful cyber compromise of aggregated DERs could have a significant impact on the bulk power system. This is the case even if each individual DER falls below the threshold of compliance with bulk-grid cybersecurity standards. For this reason, we specifically investigate how National Electricity Reliability Corporation's Critical Infrastructure Protection requirements could flow down to interactions between DER aggregators and the DERs themselves in order to protect the grid from these bulk-scale cyber attack impacts.

Original languageAmerican English
Pages (from-to)50-57
Number of pages8
JournalElectricity Journal
Issue number2
StatePublished - Mar 2019

Bibliographical note

Publisher Copyright:
© 2019 Elsevier Inc.

NREL Publication Number

  • NREL/JA-5500-73026


  • Aggregated energy assets
  • Home automation
  • Internet of Things
  • Power system security
  • Security
  • Smart grids
  • Smart homes


Dive into the research topics of 'Risk Assessment at the Edge: Applying NERC CIP to Aggregated Grid-Edge Resources'. Together they form a unique fingerprint.

Cite this