New DOE-Funded Initiative Outlines Proposed Cybersecurity Baselines for Electric Distribution Systems and Distributed Energy Resources

WASHINGTON D.C. – Today, the U.S. Department of Energy (DOE) applauds the release of cybersecurity baselines for electric distribution systems and distributed energy resources (DER) such as solar, wind, and storage. The initiative spearheaded by the National Association of Regulatory Utility Commissioners (NARUC), was funded by DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) and was guided by a steering group of industry and government subject matter experts including electricity sector owners and operators, state regulatory agencies, cybersecurity experts, and others. Today’s announcement reinforces the Biden-Harris Administration’s commitment to strengthening America’s national and energy security and reaching the President’s goal of a net-zero emissions economy by 2050. 

“Safeguarding America’s energy infrastructure and advancing U.S. cybersecurity capabilities is critical to achieving President Biden’s ambitious climate goals,” said U.S. Deputy Secretary of Energy David M. Turk. “Today’s announcement underscores the Biden-Harris Administration’s commitment to working with key partners, like NARUC, to develop vital cybersecurity solutions and strengthen the resilience of America’s electric systems.” 

“Americans want to know our electricity systems are safe and cyber secure. And companies want uniform expectations when it comes to cybersecurity,” said Anne Neuberger, Deputy National Security Advisor of the United States. “The Department of Energy and NARUC have taken the first step to achieving both, with the release of these cybersecurity baselines. Thank you to the many public and private sector contributors.” 

Cyber threats are increasingly sophisticated and target critical energy infrastructure more frequently than ever before. The 2023 National Cybersecurity Strategy called on DOE to promote cybersecurity for both electric distribution systems and for distributed energy resources infrastructure, and to do so in partnership with states and the energy industry. The regulatory oversight of electric distribution systems and distributed energy resources occurs at the state level. The guidance developed by NARUC, through CESER’s funding, will help provide states with uniform cybersecurity baselines instead of creating a patchwork of cybersecurity requirements across the country. Further, the baselines will enable electric companies and DER providers to work with state utility commissions and energy offices, boards, and communities to prioritize cybersecurity investments across the United States. The cyber baselines are based on DOE’s extensive work on energy sector cybersecurity and the U.S. Department of Homeland Security’s Cybersecurity Performance Goals (CPG). The baselines demonstrate the value of public-private partnership to advance national security priorities. 

In 2024, DOE looks forward to working with NARUC, industry, and states through a similar public-private approach to develop implementation strategies and adoption guidelines, driving towards uniform cybersecurity guidance across the country. The guidelines will include recommendations for assessing cybersecurity risks and prioritizing the assets the baselines might apply to, driving towards the goal of uniform cybersecurity guidance across the country. 

For more information and to view the full cybersecurity baselines report, please click here.