Dive Brief:

• The North American Electric Reliability Corp. on Tuesday published a Distributed Energy Resource Strategy identifying approaches, concepts and regulatory steps necessary for tens of thousands of new aggregated megawatts to be connected to the bulk power system through 2031.
• Key among the reliability organization’s concerns is cybersecurity and how aggregators of those resources will ensure they are not vulnerable to hackers. A new white paper on the security impacts of DERs is expected in the second half of 2023, NERC said.
• Distributed resources like rooftop solar systems are often internet-connected and “have little to no cyber security requirements imposed on them,” NERC noted. An aggregator could control thousands of individual devices, the strategy document said, potentially creating a vulnerability.

Dive Insight:

The strategy document serves as a roadmap, identifying milestones ahead as NERC develops its approach to growing volumes of distributed resources connected to the bulk power system.

DER levels are “rapidly growing across many areas of North America ...  and are altering how the bulk power system is planned, designed and operated,” NERC said. NERC said it expects distributed solar capacity to grow by more than 30,000 MW between 2022 and 2031.

“This influx of DERs presents potential benefits as well as challenges for grid reliability, resilience and flexibility,” NERC noted. The reliability organization has been working with the electric sector to identify bulk power system reliability risks, and in support of that anticipates assessments from technical subgroups next year including:

• A white paper investigating the impacts of battery energy storage on the distribution system and providing modeling guidance for multiple types of DERs is expected in the first quarter;
• A set of modeling recommendations related to DER aggregators and management systems is expected to be complete in the third quarter;
• A white paper examining “coordination strategies between transmission and distribution entities for growing DER levels,” is expected in the second quarter;
• And a white paper looking at the security impacts of DERs and aggregators “documenting the technical details of failure modes and security vulnerabilities,” is expected to be published in the third quarter. 

The growth of distributed resources, along with the introduction of DER aggregation, will “present significant challenges for ensuring the security of the overall electricity ecosystem,” NERC said.

The U.S. Department of Energy, in an October report, concluded an attack on distributed solar or battery storage resources would have “negligible impact” on grid reliability today — but also warned that the capacity of DERs on the electric system is expected to quadruple by 2025 and each of those systems could be hacked.

"These entities are not presently subject to any of the NERC critical infrastructure protection standards or back-up control centers,” NERC said in its strategy document. “NERC is considering these possible risks in its actions related to DER aggregators.”

The Federal Energy Regulatory Commission has solicited input regarding potential new cybersecurity rules for DERs on the bulk electric system.

According to NERC, “the overall goal is for DERs to have adequate security controls and for the DER aggregator to be applicable to necessary operational standards when its aggregate impact affects the BES.”