Utilities trade association releases baseline cyber standards for distributed renewable energy
The National Association of Regulatory Utility Commissioners on Thursday released cybersecurity baselines for distributed renewable energy resources like home solar panels.
The Department of Energy-funded initiative for voluntary baselines provides a standard for basic cyber protections for electric distribution systems and distributed energy resources (DER) companies, which are among the fastest-growing industries. DERs, which are small-scale local energy generation technologies and storage like solar panels and small wind farms, make up a major portion of the U.S. energy sector. The NARUC baselines, per the press release, were needed given that regulatory authorities for DERs are at the state level instead of through the Federal Energy Regulatory Commission, which enforces mandatory cybersecurity compliance for the U.S. grid.
“Safeguarding America’s energy infrastructure and advancing U.S. cybersecurity capabilities is critical to achieving President Biden’s ambitious climate goals,” Deputy Energy Secretary David Turk said in a statement.
Though the lasting impacts of climate change have already diluted terms like 100-year-floods, investments into clean energy resources are part of the Biden administration’s goal of creating 100% clean electricity by 2035. This initiative was funded by the DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER). Both DOE and NARUC will host virtual public briefings next month on the baseline guidance.
The guidance is also a part of the national cybersecurity strategy released last March, which directs DOE to promote cybersecurity resilience into the grid transition. DOE has other efforts aimed at securing the transition, such as the Clean Energy Cybersecurity Accelerator and the Energy Cyber Sense vulnerability testing program for grid equipment.
Because regulation among states can vary widely — particularly when it comes to cybersecurity — the guidance is meant to provide uniformity instead of patchwork requirements, according to the release. The baseline recommendations were modeled off of the Cybersecurity and Infrastructure Security Agency’s cybersecurity performance goals.
“Americans want to know our electricity systems are safe and cyber secure. And companies want uniform expectations when it comes to cybersecurity,” Anne Neuberger, deputy national security advisor for cyber and emerging technology, said in a statement. “The Department of Energy and NARUC have taken the first step to achieving both, with the release of these cybersecurity baselines.”
Thursday’s announcement is the initial phase of the initiative, which plans on moving toward implementation strategies and guidance for the booming renewable industry. Renewables are expected to supply almost half of the energy generation in the U.S. by 2050, according to the U.S. Energy Information Administration.