Cybersecurity in utilities: Critical questions for securing distributed energy resources (DERs)


The energy transition is driving a shift toward the increasing use of distributed energy resources (DERs). DERs are smaller power-generation resources, usually located on the consumer side, that provide energy where it is needed. Examples of DERs include rooftop solar photovoltaic panels, combined heating and power (CHP) systems, electric vehicles and chargers, wind turbines, generators and energy storage, among others.

From a cybersecurity perspective, DERs pose new and unique challenges for utilities. This is primarily because while DERs connect to electricity grid operators, they may not always be owned by these operators or support the necessary security features. Consequently, they could post a significant risk and directly impact power systems. In the European Union, the European Commission Regulation (EU) 2016-631 that covers “establishing a network code on requirements for grid connection of generators”now includes smaller “Type A” and “Type B” assets that need switching or control capabilities, i.e., the ability to turn type A assets on and off, and controlling the power generation of Type B assets. These two categories consist of assets ranging from 800 watts or the equivalent power of eight strong lightbulbs, up to 50 megawatts for continental Europe (one of five regional groups), which is enough to power a small city.


Picture of Hans Marcus
Hans Marcus
Principal IT Architect, CGI

Hans is a principal IT architect working in the utilities and manufacturing industries. With market experience and deep knowledge on the IT/OT environments of our customers, Hans advises and assists our customers to help securely integrate and converge their IT and OT systems.View profile