2 min read

Cybersecurity Guidelines Released by NARUC and U.S. DOE

Cybersecurity Guidelines Released by NARUC and U.S. DOE

The National Association of Regulatory Utility Commissioners (NARUC) recently released Cybersecurity Baselines for U.S. Distribution and Clean Energy Systems in partnership with the U.S. Department of Energy (DOE). The baselines are intended as a resource for state Public Utility Commissions, electric distribution utilities and distributed energy resources (DER) operators and aggregators and complements the 2023 National Cybersecurity Strategy which directed the DOE to promote cybersecurity for electric distribution systems and for DER infrastructure.  

 

Enhancing Cybersecurity in Electric Distribution Systems 

The baselines - developed in two phases with the assistance of a Steering Group of regulatory, cyber, and industry experts - provide a common starting point for reducing cyber risk and enhancing grid security. This is a particularly important initiative as cyber-attacks grow more sophisticated and increasingly target energy infrastructure.  While in parallel, electric distribution systems grow increasingly complex with new technologies and operational models which create new vulnerabilities.   

 

Phase 1 & 2: Cybersecurity Baselines & Implementation Strategies and Adoption Guidelines

The release of the Cybersecurity Baselines represents Phase 1 of the initiative.  The baselines can be used as a framework by regulatory bodies, utilities, and DER operators and aggregators to develop their own cybersecurity requirements.   

Phase 2 will provide Implementation Strategies and Adoption Guidelines to be used in conjunction with the Phase 1 baselines.  These guidelines will provide recommendations for assessing cybersecurity risk, prioritizing the assets the baselines might apply to, and prioritizing the order of baseline implementation based on cyber risk assessments.  It is expected that Phase 2 will be completed over the next year.   

While it’s important that the Phase 1 Cybersecurity Baselines be used in conjunction with the Phase 2 Implementation Strategies and Adoption Guidelines, having published the Phase 1 Cybersecurity Baselines will provide awareness of the initiative and an opportunity for discussion among key stakeholders.  

 

Phase 1 Key Points

Stakeholders, including state Public Utility Commissions, electric distribution utilities, and DER operators, can use these baselines to mitigate cybersecurity risks and align efforts across states. The development process involved a Steering Group of experts and multiple stakeholder reviews to ensure diverse perspectives were considered. 

Phase 1 tailored existing Department of Homeland Security (DHS) and Infrastructure Security Agency’s (CISA) Cybersecurity Performance Goals (CPGs) for electric distribution systems and DERs. These baselines address critical areas, including:  

  • Asset inventory
  • Cybersecurity leadership designation
  • Vulnerability mitigation
  • Third-party validation
  • Supply-chain security disclosures
  • Vendor and supplier cybersecurity requirements
  • Access control

The complete NARUC Phase 1 Cybersecurity Baselines can be found hereBy establishing these cybersecurity baselines, NARUC and DOE are setting a foundation for a more secure and resilient electric distribution system. Implementing these measures will help protect critical infrastructure from cyber threats and ensure the reliable delivery of electricity to consumers.  We recently published a blog Experts - Cloud Provides Cost, Security & Reliability Benefits to Grid which details the security benefits that can be provided by cloud solutions, as well as the specific best-in-class security benefits which are built into Energy Exemplar's PLEXOS Cloud solution. 

We will also be publishing a series of blogs on cloud solutions and cybersecurity, including a comprehensive overview of best security practices, inclusive of the NARUC baselines.  Subscribe to our newsletter so you don't miss out on any of these upcoming resources!

Why Cybersecurity is Crucial in the Energy Industry

Why Cybersecurity is Crucial in the Energy Industry

This blog is part of a series on cloud solutions and cybersecurity. Subscribe to our blog to stay up to date on the latest publications in the series!

Read More
Best Practices for a Strong Cybersecurity Foundation

Best Practices for a Strong Cybersecurity Foundation

This blog is part of a series on cloud technologies and security – to be sure not to miss out on future publications, subscribe to our newsletter.

Read More
Why Cloud Based Energy Modeling is the Future - Top 7 Reasons to Make the Switch

Why Cloud Based Energy Modeling is the Future - Top 7 Reasons to Make the Switch

In our previous blog post, we explored how cloud-based modeling platforms such as PLEXOS Cloud are transforming the way utilities plan for and manage...

Read More