Publications / SAND Report

Recommendations for Distributed Energy Resource Access Control

Johnson, Jay

Cybersecurity for internet-connected Distributed Energy Resources (DER) is essential for the safe and reliable operation of the US power system. Many facets of DER cybersecurity are currently being investigated within different standards development organizations, research communities, and industry committees to address this critical need. This report covers DER access control guidance compiled by the Access Controls Subgroup of the SunSpec/Sandia DER Cybersecurity Workgroup. The goal of the group was to create a consensus-based technical framework to minimize the risk of unauthorized access to DER systems. The subgroup set out to define a strict control environment where users are authorized to access DER monitoring and control features through three steps: (a) the user is identified using a proof-of-identity, (b) the user is authenticated by a managed database, and (c) the user is authorized for a specific level of access. DER access control also provides accountability and nonrepudiation within the power system control environment that can be used for forensic analysis and attribution in the event of a cyber-attack. This paper covers foundational requirements for a DER access control environment and offers a collection of possible policy, model, and mechanism implementation approaches for IEEE 1547-mandated communication protocols.