Power generation is being integrated into the electricity grid. Increasingly more power is coming from Distributed Energy Resources (DER), such as solar and wind farms, instead of large power plants, which were previously the only source. The stability of the electricity grid is thus becoming dependent on the DER operators and the communication between grid operators and DER operators.

This change creates new cyber security risks. By attacking the DER operator’s infrastructure, grid stability can be disrupted, and through connected DER systems it might be possible to attack DSO and TSO systems. To ensure the secure operation of the electricity grid, the security of DER operators and their connection to the grid operators and market systems should be at a level that is in alignment with that of the grid operators, while considering the DER specific functional and operational context.

In 2020, ENCS has launched a cooperation with WindEurope and SolarPower Europe to focus on DER security to jointly work towards a European grid where there is no weakest link in the chain. The project concerns the security of all systems needed by DER operators to ensure electricity delivery and connectivity with the grid operators.

The project has produced the following deliverables:

  1. A risk assessment for DER security: an in-depth analysis that can be used as a starting point to understand why securing DER is critical or as a sample when creating your own DER risk assessment.
  1. A set of recommended security measures for DER operators: a set of recommended security measures, both technical and organizational, that DER operators can implement to bring themselves to a similarly mature security level as the grid operators they are connecting to. The alignment with ISO/IEC 27001 ensures that suggested measures aid with achieving certification.
  1. A set of recommended security measures for grid operators connecting to DER: This deliverable provides insight into different architecture variations, the associated connectivity risks, and recommendations on which measures to apply as mitigation. The alignment with ISO/IEC 27001 ensures that suggested measures aid with achieving certification.
  1. Set of procurement requirements for field devices to be used by the DER operator: this document can be directly attached to tenders and ensures that only solutions meeting the minimum security requirements are considered.
  1. A position paper on DER security, providing context on the subject and the main project results. The paper provides an explanation of the changing energy sector due to an increase in distributed energy resources and what this means for the overall security of the European grid. As the position represented is aligned with ongoing policy discussions, the document can serve as a briefing note to management on the tendencies of upcoming European regulation.