"New Cybersecurity Tool Simplifies Site Evaluations"
As federal facilities invest in Distributed Energy Resources (DERs) such as solar panels and battery backups, cybersecurity investments must be considered. More energy resources mean increased complexity in management, potentially leading to new cyber vulnerabilities and additional costs. The National Renewable Energy Laboratory's (NREL's) DER Risk Manager (DER-RM) is a downloadable application that implements and automates the National Institute of Standards and Technology's (NIST) widely trusted framework for information security. The DER-RM, created with assistance from the US Department of Energy's Federal Energy Management Program (FEMP), provides a user-friendly solution for sites that must adhere to NIST's Risk Management Framework. The NIST framework, which consists of seven steps, is a comprehensive process that assists organizations in managing information security and privacy risk, but it was not designed specifically for operational technologies such as distributed energy. This service is provided by the DER-RM to organizations that want to adopt more renewable and distributed energy systems. Compliance frequently necessitates time-consuming, cyclical evaluations, which the DER-RM automates. Aside from NIST compliance, the design of the DER-RM was influenced by NREL's previously developed DER Cybersecurity Framework (DER-CF), a cyber evaluation tool that casts a wider net, evaluating multiple domains of a site's security such as cyber governance, cyber-physical technical management, and physical security. Both of the applications walk users through a series of tailored questions to create a profile of their energy system, which is then assessed, scored, and improved with personalized recommendations. The DER-CF application is critical for onboarding DER systems to federal enterprises for organizations that are just starting to assess the cybersecurity posture of their distributed generation assets. This article continues to discuss the DER-RM cybersecurity tool.
NREL reports "New Cybersecurity Tool Simplifies Site Evaluations"