Cybersecurity Standards for Distributed Energy Resources

Securing Solar for the Grid (S2G) is a collaborative effort among NLR, Idaho National Laboratory, Sandia National Laboratories, and Pacific Northwest National Laboratory focused on achieving the highest level of cybersecurity maturity for solar technologies. Convened by the U.S. Department of Energy and co-led by NLR, S2G is building consensus around device, network, application, and system-level cybersecurity requirements for solar photovoltaics. Through coordinated investigations and feedback from industry stakeholders, the project team is promoting awareness of current cybersecurity practices and is supporting the development of a cybersecurity certification standard. S2G is also developing cybersecurity tools and capabilities to understand stakeholders’ cybersecurity posture, risk assessments to inform investments, and device design security and maturity models for supply chain testing. Each year, the project team hosts webinars and in-person and virtual meetings to collaborate with industry stakeholders. Learn more about our previous events:

2024 Solar Supply Chain Workshop YouTube video

Aggregation and Grid Security Workshop Report.

S2G’s industry advisory board meets biannually to discuss project progress, emerging challenges, and recommendations. Stakeholders interested in joining S2G’s industry advisory board can contact Danish Saleem or Robert Reedy.

In alignment with the National Standards Strategy for Critical and Emerging Technology, NLR is leading an effort to harmonize DER cybersecurity requirements across various standards development organizations, to address gaps in standards and to coordinate with industry stakeholders on a path for DER cybersecurity. As part of this effort, NLR led the development of a DER cybersecurity standards library for researchers and developers. This project is funded by the U.S. Department of Energy and is in collaboration with Idaho National Laboratory, Sandia National Laboratories, UL Solutions, and SolarEdge.

Stakeholders interested in joining the project’s industry advisory board can contact Danish Saleem.

NLR co-led the IEEE 1547.3 working group to update an important guide for DER cybersecurity: IEEE 1547.3 Guide for Cybersecurity of DERs Interconnected With Electric Power Systems. This guide provides security recommendations for DER stakeholders and clarifies the broad requirements of cybersecurity, going beyond the guidelines covered in IEEE 1547-2018. The cybersecurity recommendations proposed in the IEEE 1547.3 guide inform the next revision of the IEEE 1547-2025 standard.

IEEE 1547-2018—the standard for the interconnection and interoperability of DERs with electric power systems interfaces—was published in 2018 and did not mandate cybersecurity requirements at the DER interface. NLR is co-leading an effort to update the cybersecurity portion of the IEEE 1547-2025 standard revision. The working group for standards revision represents contributors across the energy sector and research institutions, including utilities, national laboratories, aggregators, vendors, manufacturers, cloud service providers, and system integrators.

In collaboration with UL Solutions, NLR co-led the development of the cybersecurity requirements for testing and certifying DERs before and after deployment. These requirements are undergoing consensus development. Once published, the UL 2941 cybersecurity certification standard will help establish the principle of security by design for these technologies by ensuring they follow the cybersecurity pillars of confidentiality, integrity, availability, authentication, and nonrepudiation. The certification will integrate knowledge from all current and in-development standards related to DERs and inverter-based-resources and apply to distributed generation and storage technologies.

Learn more about the steps involved in developing the UL 2941 cybersecurity standard and the current status.