Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST Offers Guidelines for Securing Distributed Energy Resources and Proposes Research

NIST supports securing grid interfaces

In October 2021, NIST published Distributed Energy Resource Security: Potential Guidelines and Research Topics. This NIST Tech Note addresses an effort to validate the applicability of cybersecurity controls in NIST’s Guidelines for Smart Grid Cybersecurity (NISTIR 7628 Revision 1, published in 2014) to distributed energy resources (DER), which have new information exchanges with the grid, and which are potential points of cyberattacks. The NIST 2021 Distributed Energy Resource Security publication reports that these interface categories can be secured based on NIST’s Guidelines for Smart Grid Cybersecurity. For example, NIST's 2021 publication compared three new DER interface categories to cybersecurity protections for grid interface categories that existed at the time of the NIST 2014 publication, finding that the cybersecurity protections are applicable to the new DER interface categories. The 2021 publication also maps NIST's 2014 cyber controls to critical infrastructure standards set by North American Electric Reliability Corporation. NIST’s Distributed Energy Resource Security publication points out that current cybersecurity controls for interface categories do not address the people and processes for securing high-DER environments. The publication also proposes the following research topics regarding cybersecurity for a high-DER grid environment:

  • How other industries solved similar security challenges
  • How updated security controls will be implemented in commercial equipment for use in high DER scenarios
  • How business models will introduce independent service providers whose sole purpose is to ensure security for DER devices
  • How might a framework be applied that expects 80% of cybersecurity regulatory requirements to be met and 20% of requirements to be customized, based on jurisdiction or business model
  • How NIST smart grid cybersecurity documents can be harmonized to ensure their applicability in the current technology environment 
Released November 1, 2021, Updated May 25, 2022