Title: Cybersecurity Assessments on Emulated DER Communication Networks

An increasing number of public utility commissions are adopting Distributed Energy Resource (DER) interconnection standards which require photovoltaic (PV) inverters, energy storage systems, and other DER to include interoperable grid-support functionality. The recently updated national standard, IEEE 1547-2018, requires all DER to include a Sun Spec Modbus, IEEE 2030.5, or IEEE 1815 communication interface in order to provide local and bulk power system services. Those communication protocols and associated information models will ensure system interoperability for PV and storage systems, but these new utility-to-DER communication networks must be deployed with sufficient cybersecurity to protect the U.S. power system and other critical infrastructure reliant on dependable power. Unlike bulk generators, DER are commonly connected to grid operators via public internet channels. These DER networks are exposed to a large attack surface that may leverage sophisticated techniques and infrastructure developed on IT systems, including remote exploits and distributed attacks. Although DER make up a growing portion of the national generation mix, they have limited processing capabilities and do not typically support modern security features such as encryption or authentication. In this work, Sandia National Laboratories constructed simulated DER communication net- works with a range of security features in order to study the security posture of different communication approaches. The experimental test environment was created in a Sandia-developed co-simulation platform, called SCEPTRE, which emulated Sun Spec-compliant DER equipment, the utility DER management system, communication network, and distribution power system. Adversary-based assessments were conducted and a quantitative scoring criteria was applied to evaluate the resilience of various architectures against cyber attacks and to measure the systemic impact during such attacks. The team found that network segmentation, encryption, and moving target defense improved the security of these networks and would be recommended for utility, aggregator, and local DER networks.