CSE 041

Resilience at the Edge: DER Integration Challenges for Information Systems, Telecommunications, and Cybersecurity

Authors

Victor TAN - SC D2 Chair, Australia
Marit OWREN VALMOT - Norway
Thuthukani BIYELA - South Africa
João CASEIRO - Portugal
Giovanna DONDOSSOLA - Italy
Davy HAEGDORENS - Belgium
Junho HONG - United States
Mario JAVOROVIC - Croatia
Seok-Chan LEE - South Korea
Jianing LI - United Kingdom
Young NGO - Canada
Mats UHLIN - Sweden
Chaoyang ZHU - China

1. Introduction

The electric power system is undergoing its most significant transformation in over a century.

Distributed Energy Resources (DER), i.e. PV and wind onshore plants, rooftop solar, battery storage, electric vehicles, and demand response, are reshaping the grid from a predictable power flow from large scale bulk generators to consumers, to a decentralised multidirectional ecosystem.

The challenges to the grid are well known including stresses to the physical constraints of current grid infrastructure including transmission lines, and distribution poles and wires. 

This transition also creates profound challenges for the information systems, telecommunications infrastructure, and cybersecurity frameworks that underpin grid operations.

This paper synthesises the work from the CIGRE SC D2 focus group on DER. This focus group was established in September 2025, and consists of expert members from Australia, Belgium, Canada, China, Croatia, Italy, Portugal, South Africa, South Korea, Sweden, the United Kingdom, and the United States.

The scope of this focus group is to undertake a current-state study on the impact, challenges and opportunities of DER to the grid, in the context of information systems, cybersecurity and telecommunications. 

The research encompasses regional perspectives from Australia, Japan, Italy, Korea, Sweden, Croatia, Portugal, South Africa, and the United States. Although these countries are only a small subset of the global CIGRE representation, our findings provide sufficiently diverse coverage of the topic relevant worldwide. We hope to cover additional regional perspectives with increased representation from inputs from other countries in future extensions of this work in our Study Committee.

In addition to the exchange of knowledge and experience among the focus group members, our findings are supplemented by current research, to examine how the global power industry is navigating these challenges.

2. The Transformation at the Grid Edge

For most of its history, the electric grid operated on a simple premise: large power stations generated electricity, high-voltage transmission lines carried it across vast distances, and distribution networks delivered it to consumers.

The control architecture mirrored this simplicity. A handful of control centres monitored a region or country’s generators and substations, with data polling rates measured in seconds. The system was deliberately simple because the network’s supply and load were largely predictable and dimensioned by design.

Figure 1 - The traditional grid where bulk generators supply consumers in a predictable flow pattern

Figure 2 - In a grid with high DER penetration power flow becomes much more dynamic which causes strain to the transmission and distribution infrastructure (poles and wires), which requires increased data exchange for efficient coordination

That assumption no longer holds true with the rapid uptake of DER. In the United States alone, residential solar installations grew from 89,000 in 2010 to 4.7 million by 2023 [1]. Globally, energy storage capacity is expected to quadruple by 2030 compared to 2018, largely driven by widespread electric vehicle adoption [1].

Australia now hosts over 4.2 million rooftop photovoltaic systems and more than 450,000 residential battery installations, with the federal Cheaper Home Batteries Program (commenced July 2025), which subsidises consumers to install batteries in their homes, materially accelerating uptake.

Other advanced markets — including Japan, Germany, and Korea — are experiencing comparable growth in distributed PV, storage, and EV-related infrastructure [17][19][20]. These DERs are not merely additional power sources; they represent a fundamental reconstruction of the grid's architecture, residing at various points in the grid and at its edges.

Figure 3 - Global DER Deployment Growth Curve (2010–2030). Exponential increase in distributed solar, storage, and EV charging infrastructure across major markets, with projections to 2030 showing the scale of the integration challenge. [17][18][19][20]

The implications for Study Committee D2’s domains — Information Systems, Telecommunications, and Cybersecurity — are profound.

Where grid operators once monitored hundreds or thousands of assets, they must now achieve visibility over millions of DERs. Where communication latency of seconds was acceptable, real-time frequency response now demands millisecond precision.

Where security perimeters ended at the substation fence, they now extend to smart devices in a DER premise or a consumer’s home. Systems are now more interconnected than ever with data exchanged between critical OT networks and networks outside the OT boundaries, including DER and consumer networks. The assumption that utility OT networks can continue to operate with an “air gap” is no longer true.

3. The DER Data Exchange Problem: Scale, Diversity and Cybersecurity

3.1. Scale and Diversity of Data

DER information exchange spans two regimes that historically used different sets of practices and standards, i.e. the utility-grade DER — distribution-connected wind, solar, and storage plants, where IEEE 1547-2018 applies to DERs of any size at typical primary or secondary distribution voltages (the 10 MVA aggregate cap of IEEE 1547-2003 was removed in the 2018 revision), and regions such as Australia classifies non-scheduled generators in the 5–30 MW band; and the consumer-edge tier which consists of rooftop PV, home batteries, and EVs - these are also referred to in Australia as Consumer Energy Resources (CER).

Both regimes are now operationally significant, and each has converged on its own subset of communication standards.

Traditional utility scale SCADA architectures were engineered around bounded RTU populations and pre-defined point-lists, with topology updates driven by utility-owned switching assets — not for the dynamic fan-out of millions of consumer-edge endpoints.

Modern DER integration requires information exchange architectures that handle millions of endpoints across both tiers, and semantic interoperability across heterogeneous protocols and data models.

In larger utility grade DER systems, visibility of distributed resources is no longer optional optimisation data — it is increasingly required for secure and stable operation.

The distribution-edge "blind spot," where gigawatts of distributed generation now operate outside utility real-time monitoring, contributes directly to forecasting errors, localised voltage violations, and reverse power flows that can propagate upward to threaten system stability.

A second challenge is the diversity and uneven standardisation of DER data exchange — frequently differing within a single country. As data traverses participant boundaries (DER → OEM platform → aggregator → distribution utility → market operator → customer), preserving meaning and ensuring accurate interpretation of data becomes difficult.

Semantic loss occurs at the various DER information exchange layers. At the utility tier, mapping information between IEC 61968/61970 CIM, IEC 61850, IEC 60870-5-104, and IEEE 1815 (DNP3) is a known integration concern, andat the consumer-edge tier, OEM-proprietary cloud schemas must be reconciled with standards such as CSIP-Aus / IEEE 2030.5 representations and ultimately with DSO DERMS data models.

The power industry has mature standards for substation and utility automation, including IEC 61850, with its 61850-7-420 DER logical-node extensions and other scope for inverter-based DER, e-mobility, and hierarchical DER systems; and for SCADA telecontrol of utility-owned assets we have IEC 60870-5-101 / -104 and DNP3.Although these standards originated in utility automation contexts, they have been formally extended to DER.

The newer DER ecosystem nonetheless adds further protocols at the grid edge, each differs materially in data model, security posture, and vendor implementation maturity.

Table 1 summarises the protocol landscape and indicates which protocols apply at which tier of the DER.

Protocol/StandardPrimary DomainRegional AdoptionApplicability
IEC 61850 (incl. -7-420, -90-7, -90-8, -90-15)Power utility automation with DER extensionsGlobal standard; mature in EU, Asia-Pacific, Latin America; emerging in North AmericaUtility-grade DER
IEEE 1547-2018 / IEEE 1547a-2020DER functional interconnectionNorth America baseline; influential globallyBoth (functional umbrella; residential devices certify via UL 1741 SB / AS 4777.2)
IEEE 2030.5 (Smart Energy Profile)DER/DR/EV/metering application protocol; CSIP / CSIP-AUS smart-inverter profilesNorth America (CA Rule 21, HI Rule 14H), Australia (CSIP-AUS / Standards Australia HB 218 by DERIAPITWG); growing internationallyConsumer-edge DER (primary); also Utility
IEC 60870-5-101 / -104Telecontrol — serial / TCP-IP for SCADAGlobally deployed — EU, Latin America, China, India, CIS, ME, Africa, parts of NAUtility-grade DER
IEEE 1815 (DNP3) / DNP3 SAv5SCADA, distribution automation, DERPredominant NA; also AU, NZ, ZA, UK, parts of LATAMUtility-grade DER (rare at consumer edge)
SunSpec ModbusDER device information models (PV, storage, meters, EV, weather)GlobalConsumer-edge DER (primary local data plane); also Utility
OpenADR and IEC 62746-4:2024Demand response, DER flexibility signalling, dynamic pricingGlobal (US, JP, KR, EU, AU) — DR/price/flexibility signals (not wholesale market clearing)Both (DR programs span tiers)
OCPPEVSE ↔ Charging Station Management SystemGlobal de facto standardConsumer-edge DER (primary, EVSE)
AS/NZS 4777.2:2020 (AU) / UL 1741 SB (US) — device certification, not data-exchange protocolGrid-supportive smart-inverter functions (V/W, V/Var, ride-through, anti-islanding, DRMs 0-8)AU + NZ / US — mandatory for grid-connected residential invertersConsumer-edge DER
OEM cloud APIs of various vendorsDe facto consumer-edge DER data plane — vendor-proprietary REST/MQTT to inverters / batteries / EVSEGlobal; market-driven; dominant for the installed residential fleet todayConsumer-edge DER (de facto)
Table 1 - The DER data exchange protocol landscape

Our focus group identified a critical gap, i.e. while real-time operational data exchange is converging on a small set of standards (IEEE 2030.5 / CSIP, SunSpec Modbus, IEC 61850, OCPP), adoption of equally non-real-time exchange standards — IEC 61968 (network topology, planned outages, asset registry) and IEC 61970 / CGMES (network models) — remains uneven and profile-fragmented across utilities and jurisdictions. Integrators continue to build custom translation layers at most utility/aggregator boundaries even where a published standard exists, increasing integration cost, attack surface, and operational complexity.

3.2. Data Quality and Service Level Agreements

Beyond interoperability lies a more fundamental question: what constitutes “good enough” DER data for grid operations?

Our focus group discussions revealed that detailed Service Level Agreements governing data latency, accuracy, and completeness are often not standardised with DER. 

The regulatory requirement to provide data may exist, but the technical quality of that data is not strictly enforceable. For critical applications like automatic frequency response, this ambiguity can compromise grid stability.

DERs by their nature consists of smaller capacity generating resources (typically tens of MW for utility grade DERs, and lower for CERs), many of which do not operate under such scrutiny. It may not be economically viable for small DERs to comply with stringent communications, data quality, and cybersecurity requirements.

Among our focus group members, Italy stands out for its prescriptive approach. The normative project “Plant Central Controller” (CCI, Controllore Centrale di Impianto) has been consolidated by norm CEI 0-16 [5], defining a set of monitoring and control functions for distributed generation plants connected to medium-voltage grids with power equal to or greater than 1 MW. Electrical measures at the DER connection point are exchanged with the DSO with a sampling rate of 4 seconds through a CCI communication interface. In the near future, to implement the power limitation procedure of the national defence plan, the CCI device will become an obligation for all PV plants and wind production plants of nominal power greater than 100 kW, thus extending by one magnitude order its application perimeter.

The industry must move beyond protocol interoperability to establish standardised data quality frameworks. For example, a multi-layered approach combining IEC 61850-7-420 for modelling, IEEE 2030.5 for control, and OpenADR for market signals — harmonised with the Common Information Model (CIM) could be a pathway for regions that use these protocols. Equally important is the inclusion of data quality SLAs in grid connection agreements.

4. The Telecommunications Dilemma: Private vs Public

Reliable telecommunications form the foundation of data exchange for DER. 

However, the economic feasibility of connecting millions of distributed assets forces a fundamental trade-off between the reliability of private networks and the ubiquity and affordability of public infrastructure.

The focus group inputs reveal a global divergence in how this trade-off is being addressed.

4.1. The Case for Private Networks: The Adoption of 450 MHz

Northern European utilities, particularly in Germany, Sweden, Finland, and Austria, are investing heavily in dedicated utility networks operating in the 450 MHz frequency band. The physics of this low frequency are ideal for utility applications: superior signal propagation allows wide-area coverage with fewer base stations, and signals penetrate deep into building basements where smart meters and DER controllers are typically located.

More critically, these private networks provide purpose-built communications — independent of commercial congestion during mass events or emergencies. The deployment models vary by country. In Austria and Germany, 450 MHz networks are owned and operated by an electric utility consortium, initiative deploying 1,600 base stations nationwide, designed to operate for up to 72 hours during power outages through extended battery backup. [6]

Sweden presents a different model. Sweden’s 450 MHz network offers mobile broadband services exclusively to the industry and society segments — including mines, production facilities, defence, and healthcare. The network is designed for a 10-day power supply endurance, supported by both battery and diesel power solutions — significantly exceeding the 72-hour benchmark of some utility-operated networks.

Our focus group input from Sweden also noted that some utilities are evaluating the feasibility of building and operating their own 4G/5G RAN (Radio Access Network) to provide station access for the electric grid, creating a network backup overlay. DER access has been identified as one of the most promising spin-off applications of such an initiative.

4.2. The Case for Public Networks: Scale and Economics

Markets driven by rapid deregulation and massive scale — notably the United States, parts of Asia, and emerging economies — rely heavily on public cellular networks (4G/5G) and increasingly on Low Earth Orbit (LEO) satellites. The economics are compelling: deploying private infrastructure to reach millions of small DERs is prohibitively expensive, whereas public networks already exist.

Japan’s approach reflects this pragmatism. The Energy Resource Aggregation Business (ERAB) guidelines explicitly allow aggregators to use public LTE, Wi-Fi, and increasingly LEO satellites for DER connectivity, while emphasising that security measures must compensate for the reduced reliability of public infrastructure. [7]

Korea presents a technological divergence: private 5G (e-Um 5G) for large-scale DERs and campus microgrids, NB-IoT and LTE-M for smaller, dispersed assets. This creates what one focus group member described as a “two-speed grid” — wealthy, large-scale assets can participate in high-value, real-time ancillary markets using low-latency 5G, while smaller assets are relegated to slower, energy-only markets due to connectivity limitations.

4.3. The Hierarchy of Connectivity

The industry is moving toward a tiered architecture based on application criticality:

TierApplicationTypical Latency [1] Requirement Typical AvailabilityTypical Solutions
Tier 1Protection, Frequency Response<20 ms99.999%Fibre, PLC, microwave radio; emerging: Private 5G
Tier 2SCADA, Voltage Control<1 second99.99%Utility fibre, Public 4G/5G with SLAs, Private LTE/5G, LEO satellites
Tier 3Market Settlement, Forecasting>1 minute to hours99%Inter-participant connectivity: private links or VPN over public Internet, datacentre and cloud connectivity; field data sources: AMI / telemetry over NB-IoT, LTE-M, Mesh Radio, LEO Satellites

Focus group members from Sweden provided additional context on Tier 1 protection requirements. Line Differential Protection is the most demanding service, requiring not only latency below 20 ms but also full bi-directional delay symmetry between communicating protection equipment. The market is currently dominated by analogue and PDH interfaces but is moving slowly toward IP or Ethernet interfaces.

While 5G (particularly Ultra-Reliable Low-Latency Communications, URLLC) promises near-real-time control, the focus group noted that many deployment sites “lack the operational maturity and standardised Quality of Service policies to consistently deliver the required latency bounds for grid support functions.” The promise of 5G is real, but the operational reality in 2025 remains uneven. [16][33]

In the context of DER, at the inverter level, autonomous DER protection schemes (voltage/frequency ride-through, V/W and V/Var response, anti-islanding, and RoCoF protection) are inverter-resident functions that do not depend on wide-area telecommunications. However, line and transformer-differential protection do apply to the connection assets of utility-scale DER plants, including large BESS, solar, and wind farms with HV step-up transformers and dedicated feeders and some regions impose Direct Transfer Trip as a telecommunications-mediated Tier 1 protection function for medium-to-large DER.

5. The Cybersecurity Challenges

An observation on DER integration is that the efficient and interconnected technologies needed to decarbonise and optimise the grid, including cloud platforms, edge intelligence, API-based integration, also expand the cyber-attack surface far beyond that of traditional, more isolated power systems.

The grid no longer has a single perimeter at the substation fence. It now includes interfaces to grid-scale batteries, solar and wind plants, aggregators’ cloud platforms, and even smart inverters, EV chargers, and charging stations in DER premises. Securing this highly distributed perimeter is now as critical as the physical hardening of substations once was.

5.1. The Aggregate Threat

A 2024 Sandia National Laboratories report on solar energy cybersecurity documented observed weaknesses in grid-connected inverters: unencrypted storage, default passwords, and unused debug ports [8].

In March 2025, Forescout Vedere Labs published the “SUN:DOWN” report, identifying 46 new vulnerabilities across inverters from major suppliers. Of 93 previously disclosed CVEs across these vendors, 80% were rated high or critical severity, with 30% scoring CVSS 9.8–10, the most severe vulnerabilities in the cybersecurity vulnerability scoring system.

The research demonstrated that controlling as little as 2% of Europe’s 270 GW installed solar capacity could be sufficient to negatively impact the grid. Follow-up research found approximately 35,000 exposed solar devices from 42 vendors globally accessible via the internet. [21]

The risk is not the compromise of any single inverter or EV charging station, but the aggregate effect. A synchronised cyberattack on thousands of small inverters or charging stations could constitute a gigawatt-scale event, effectively weaponising the distributed grid against itself. Researchers have demonstrated that attackers controlling compromised inverters can “tamper with their power output settings or switch them off and on in a coordinated manner as a botnet.” [9] 

5.2. The Regulatory Gap

Regulatory frameworks have not kept pace with this transformation, and the gap is structured differently in each jurisdiction.

United States. NERC CIP standards apply to the bulk power system. Because most DER connects at distribution voltage, it falls outside federal CIP jurisdiction regardless of individual capacity. Cybersecurity oversight is left largely to state regulators, utilities, and voluntary industry standards — creating gaps and inconsistencies in protection. [10] Recent efforts to address this gap include the NARUC/DOE Cybersecurity Baselines for Electric Distribution Systems and DER [29] and the NREL DER cybersecurity standards gap analysis [22]. At the bulk-system level, FERC's 2025 approval of NERC CIP-015 introduces requirements for monitoring traffic inside electronic security perimeters — a direction aligned with Zero Trust principles, driven by supply-chain compromises and CISA-tracked state-sponsored campaigns targeting critical infrastructure. [28]

Europe has moved toward broader horizontal cybersecurity regulation, though implementation is uneven. The NIS2 Directive [27] applies cybersecurity obligations across electricity-sector entities — generation, transmission, distribution, and EV charging operators — and to manufacturers of equipment used by the sector. It introduces management-body accountability and penalties of up to €10 million or 2% of global turnover for essential entities. Many Member States missed the October 2024 transposition deadline, prompting the European Commission to open infringement proceedings. The EU Network Code on Cybersecurity [11], in force from June 2024, establishes Union, regional, and Member-State-level cyber risk-assessment frameworks for cross-border electricity flows, with phased multi-year implementation milestones.

Italy is among the most prescriptive national implementations. CEI 0-16 [5] mandates secure DER-to-DSO communications using IEC 61850 MMS protected by IEC 62351 (TLS encryption and certificate-based authentication), implemented through an on-site Plant Central Controller (CCI) that must meet IEC 62443 cybersecurity requirements, supported by a public-key infrastructure for managing the key and certificate life cycle [35]. The Italian model establishes a strong cryptographic perimeter but creates operational challenges for smaller operators — particularly around certificate lifecycle management and reliable connectivity. Comparable prescriptive approaches exist in Korea, Japan, and Australia.

5.3. Zero Trust

Traditional perimeter-based security models assume that assets inside the network boundary can be trusted. In a world where DERs connect through consumer internet connections, third-party aggregator platforms, or large-scale DERs connecting to OEM clouds, this assumption no longer holds true.

Zero Trust Architecture — a cybersecurity principle of always verifying identity and authorisation — has gained momentum over the last few years. Rather than implicit trust based on network location, every access request is authenticated, authorised, and encrypted, regardless of origin. The U.S. Department of Defense published comprehensive guidance in November 2025 on applying Zero Trust to operational technology environments, outlining 105 activities (84 target-level and 21 advanced-level) across seven pillars: users; devices; applications and workloads; data; networks and environments; automation and orchestration; and visibility and analytics. [12][34] The guidance explicitly covers power grids, energy management systems, and facility control systems.

Figure 4 - Conceptual view of the Zero Trust Architecture, where identity is verified with authentication and authorisation at every point of the network 

However, applying Zero Trust to OT environments is not straightforward. Many operational technology systems are decades old, lacking native authentication or encryption. Adding advanced security controls without due care can introduce latency and inadvertently introduce access errors or outages due to security controls being falsely triggered.

The industry requires a risk-based, graded and sensible approach to cybersecurity that recognises the heterogeneity of DER deployments. This includes leveraging established standards like the IEC 62443 series — Security for industrial automation and control systems (particularly Parts 3-3 and 4-2) [32], and linking cybersecurity performance with market participation criteria to create economic incentives for security investment — as emerging under the EU Network Code on Cybersecurity. [26]

5.4. The Aggregator as Trust Boundary

Across nearly all regions surveyed, a common theme is that the Aggregator has become a critical, yet frequently under-regulated, trust boundary.

Aggregators now hold the keys to gigawatts of distributed power, yet often operate under IT-sector governance rather than the strict OT-sector reliability standards that govern traditional utilities.

Within our focus group, experts expressed particular concern following prominent breaches in national telecommunications providers. A compromised aggregator, or a vulnerability in the telco link between aggregator and grid operator, could serve as a backdoor into the national grid. The focus group emphasised the need for mutual authentication and fine-grained access control that does not implicitly trust the carrier network.

NERC has published white papers specifically addressing cybersecurity for DERs and DER aggregators, noting that a single compromised aggregator could impact over 1,000 distributed assets and that NERC CIP was not designed for distribution-level assets. [25]

Japan’s response is instructive. The ERAB cybersecurity guidelines, revised to Version 3.0 in May 2025, explicitly address the aggregator role with comprehensive requirements covering deterrence, defence, damage assessment, and business continuity. [7] Crucially, the guidelines require DERs to possess robust local control logic for microgrid islanding — ensuring continued operation if telecommunications with the aggregator are severed during a disaster. This requirement for autonomous resilience distinguishes the Japanese approach from market-centric models where loss of communication typically defaults to shutdown.

5.5. Point of Control: Plant-side CCI vs Cloud-based Aggregation

Perhaps the most striking divergence is between Italy’s hardware-centric approach and the cloud-native models of Japan and the United States. Italy’s mandatory Plant Central Controller (CCI, Controllore Centrale di Impianto) creates a “grid code in a box” — a certified hardware controller at the point of interconnection that provides a uniform interface for DSO control regardless of the underlying DER technology. This reduces complexity for grid operators but places the compliance burden on plant owners.

In contrast, the US model under FERC Order 2222 enables aggregators to participate in wholesale markets by bundling diverse DERs behind cloud platforms. This accelerates market participation and lowers entry barriers but creates “soft” security perimeters vulnerable to cloud-based attacks. The grid’s attack surface effectively extends to the internet at large. Implementation timelines vary significantly across US RTOs, ranging from 2026 to 2030.

The real divide is less about “hardware vs software” or “on-prem vs cloud” and more about where control and compliance are anchored. Italy’s CCI mandate makes each plant responsible for presenting a predictable, certifiable interface at the point of interconnection. Aggregator-centric models shift much of that complexity and risk into the aggregator’s cloud stack, creating dependencies on their security practices and governance.

5.6. Regional Approaches: Divergent Paths to a Common Goal

The focus group found that while all regions face similar challenges, their approaches diverge significantly based on regulatory philosophy, market structure, and existing infrastructure. The following comparison illustrates how different regions are resolving the trilemma of information exchange, telecommunications, and cybersecurity.

RegionPrimary DriverEdge ArchitectureTelecom StrategyCybersecurity Approach
ItalyRegulatory mandate for stability (ARERA/CEI)Hardware-based CCI at interconnection pointDSO fibre optics/DER owner’s public linksMandatory TLS PKI, IEC 62351, IEC 62443-4-2 product certification
JapanDisaster resilience, consumer protectionCloud-based aggregation (ERAB)Public LTE/Wi-Fi, LEO satellites for remote areasJC-STAR labelling scheme, ERAB guidelines v3.0
KoreaHigh-tech industrial policy, grid modernisationHybrid (cloud + gateway)Private 5G (large), NB-IoT (small)Increased alignment with IEC 62443, aggregator trust boundary focus
SwedenNordic market harmonisation, legacy transitionPlanned hub-based data exchangePrivate 450 MHz LTE, modernising from ICCP towards CIM/IEC 61850-based exchangeGDPR, EU Network Codes (NCCS, NIS2), increased cybersecurity regulation and compliance (Protective Security Act)
USAMarket access (FERC Order 2222), deregulationAggregator-centric (DERA)Public LTE, private fibre for critical assetsNERC CIP (bulk), state-level (distribution)
CroatiaCongestion management, EU complianceTraditional SCADA extensionUtility fibre, public cellularEU Network Codes, TSO-DSO coordination
PortugalHigh renewable penetration, smart-metering interoperability, dynamic tariffsOpen/interoperable data platforms, smart meteringPublic cellular, PLCPT/EU Network Codes, ISO 27001
South AfricaEnergy security, rapid private DER growthEmerging, not standardisedGrid code does not emphasise telecom requirements for smaller plantsNo binding DER cybersecurity framework at distribution tier; voluntary adoption in early stages
AustraliaVery high renewable (residential CER and grid scale DER) penetrationInformation exchange of grid scale DER via the DSO and the Market Operator, smaller CER/DER via dynamic operating envelopes and aggregators/VPPPrivate telecommunications for larger scale DER, smaller scale DER and CER mostly public carrierCritical Infrastructure law (SOCI Act) applies to larger scale DER, with the use of the Australian cybersecurity framework (AESCSF), but smaller DER/CER lagging
ChinaHigh renewable penetration, Power grid securityVPP (virtual power plants), the use of public cloud, advanced meteringPLC (power line carrier), 4G/5G virtual private networks, dedicated power wireless private networksRegulatory requirements exist. There are no unified architectures that apply to DER/VPP – however, they are maturing

6. The Iberian Peninsula Blackout — A Case Study in DER Integration Challenges

On 28 April 2025 at 12:33 CEST, the power systems of Spain and Portugal collapsed. Within a few minutes, about 31 GW of generation had disconnected. The Iberian Peninsula lost power entirely and a small area of southern France was affected. Spain's transmission system was fully restored only by 04:00 the next morning. The incident’s Investigation Expert Panel describes this as the most severe blackout in Europe in over twenty years.

At the time of the event, Spain's generation mix was dominated by renewables and inverter-based resources, supported by a small grid-scale battery fleet. The ICS Investigation Expert Panel Final Report of 20 March 2026 attributes the blackout to multiple interacting factors: voltage fluctuations and oscillatory phenomena triggered widespread generator disconnections in Spain, particularly of inverter-based plants. A cascade of overvoltage trips followed, and the Iberian system eventually lost synchronism with Continental Europe. Conventional units, including nuclear and combined-cycle plants, tripped alongside the renewables. The renewable plants were operating in fixed-power mode and were not providing reactive-power support to stabilise voltage; this was an operational and procurement gap rather than a legal restriction. The event is not really about renewable penetration. It concerns the operational framework around inverter-based generation. [13]

Three findings in the Final Report touch the themes of this paper directly.

The first concerns DER visibility. ENTSO-E asked the affected DSOs whether they had observed unusual DER behaviour during restoration. The DSOs replied, in §5.8 of the report, that generation units below 1 MW on their networks have no obligation to provide real-time data, so they have no visibility of DER status or electrical parameters and could not have detected unwanted DER behaviour even if it had occurred. To reconstruct the aggregated DER response after the event, the Expert Panel had to contact PV inverter manufacturers directly.

The second concerns telecoms. Section 5.9 of the Final Report documents that the public earth-based and cellular telecom networks failed during restoration. Autonomous power supplies at the operator's repeaters and switching centres ran down once their batteries depleted. Red Eléctrica could not reach a DSO control centre in Sevilla for several hours, and demand restoration in Andalucía was paused as a result. DSOs fell back on satellite phones, VOIP and cloud-based communication software, and mobile generators were dispatched to keep telecom repeaters alive. ENTSO-E's resulting recommendation is plain: voice and remote-control channels between TSOs, DSOs and aggregators have to remain available when the public telecom networks are not.

The third concerns the cyber threat class. The Iberian event was a protective-trip cascade, not a cyberattack. The mechanism is different from the BlackIoT and SUN:DOWN attack models cited earlier in this paper. The outcome, however — tens of gigawatts of inverter-based generation disconnecting in seconds — is what a coordinated cyberattack on distributed inverters would aim to achieve.

The DER integration challenges discussed in this paper are not hypothetical. They are operating conditions on the grid today.

7. Future Directions and Research Questions

The work of the SC D2 DER Information Exchange Focus Group has identified several areas requiring further research and international collaboration. 

These represent not merely technical challenges but opportunities for CIGRE, our expert members, and our partner organisations to provide leadership in shaping the global energy transition in the topic of DER information systems, telecommunications, and cybersecurity.

Research Question 1: Semantic Interoperability at Scale How can the industry achieve semantic interoperability across heterogeneous DER protocols without creating performance bottlenecks or security vulnerabilities at translation points? What role should emerging technologies like digital twins, federated data models, and AI, play in enabling meaningful data exchange?

Research Question 2: Resilient Telecommunications for Black Start What telecommunications architectures can ensure DER visibility and control during extended grid outages when both utility and public communications infrastructure may be compromised? How can our experts from the diverse regions collate their experience to inform strategies for other regions? The Iberian blackout of April 2025 provides a recent, concrete reference point for this research.

Research Question 3: Aggregator Governance and Certification What governance frameworks should apply to DER aggregators who now control grid-scale resources? Should aggregators be subject to the same reliability and security standards as traditional utilities? What certification schemes (analogous to Japan’s JC-STAR and Italy’s CCI certification) could provide market-driven incentives for security investment?

Research Question 4: Zero Trust Implementation for DER OT How can Zero Trust Architecture principles be adapted for DER operational technology integrating with environments with legacy devices, real-time constraints, and limited computing resources? What are the latency requirements for different DER control applications, and how do various ZTA implementations affect these budgets and implications for potentially impacting the reliability of OT networks if overly complex?

Research Question 5: Coordinated Attack Detection and Response What detection mechanisms can identify coordinated cyberattacks across thousands of distributed DERs before they cause a grid-scale impact? How should incident response protocols balance system security (isolation/shutdown) against grid stability (continued operation)?

Research Question 6: Regulatory Harmonisation How can international standards bodies and regulatory authorities harmonise requirements to enable cross-border DER participation while respecting regional differences in market structure and risk tolerance? What role should mutual recognition agreements play?

8. Conclusion

The integration of Distributed Energy Resources represents more than a technical evolution — it is a fundamental transformation of the relationship between grid operators, market participants, and prosumers.

Some regions are choosing hardware-mandated conformity at the grid edge; others are betting on software-defined flexibility in the cloud. Some prioritise resilience through sovereign telecommunications infrastructure; others accept dependency on public networks in exchange for scale and economics. Some have closed regulatory gaps around distribution-connected DERs; others have vast populations of unregulated devices connecting to the grid daily.

These divergent paths reflect legitimate differences in risk tolerance, market philosophy, and starting conditions. But they create fragmentation that complicates equipment manufacturing, limits cross-border market participation, and prevents the sharing of best practices.

The Iberian blackout of April 2025 and other similar case studies served as a stark reminder that the challenges discussed in this paper are not hypotheticals and can no longer be considered rare events. These are the realities with immediate consequences for grid security. The event underscored the urgency of establishing robust information exchange, resilient telecommunications, and effective cybersecurity for the distributed grid.

The focus group discussions that informed this report demonstrated the value of international collaboration, and we are hopeful to continue our discussions and experience sharing with follow-up work in the research areas identified above.

As the power system transforms, the role of information systems, telecommunications, and cybersecurity will only grow more critical. The grid of the future will be defined not by how much power it can generate, but by how well it can observe, communicate, and protect the millions of distributed resources at its edge. Getting this right is essential for energy transition.

References

  1. U.S. Department of Energy, “Distributed Energy Resource Interconnection Roadmap,” January 2025 [online]
  2. Australian Government Department of Energy, “National Consumer Energy Resources (CER) Roadmap Implementation Plan Update,” August 2025 [online]
  3. QualityLogic, “IEEE 2030.5 Takes Off: The Latest News on the IEEE 2030.5 Standard,” 2024 [online]
  4. Attributed to focus group member from Korea, SC D2 DER Focus Group discussions, October 2025.
  5. CEI (Comitato Elettrotecnico Italiano), “CEI 0-16: Reference technical rules for the connection of active and passive users to HV and MV electrical networks of distribution companies,” 2022 with amendments, Annex O "DER Plant Controller", Annex T "Information exchange based on IEC 61850
  6. 450 MHz Alliance, “Annual Global Update,” December 2024 [online]
  7. METI (Ministry of Economy, Trade and Industry, Japan), “Cybersecurity Guidelines for Energy Resource Aggregation Business Revised,” May 2025 [online]
  8. Sandia National Laboratories, “Recommendations for Solar Energy Cybersecurity,” SAND2023-04512O, 2024 [online]
  9. Forescout Technologies, “SUN:DOWN Research: Critical Vulnerabilities in Solar Inverters,” 2025 [online]
  10. FERC, “FERC Order No. 2222 Fact Sheet,” 2020; Utility Dive, “FERC Order 2222 hurdles require new options for deploying aggregated DERs,” 2024. 
  11. ENTSO-E, “Network Code on Cybersecurity (NCCS),” 2024; European Commission, “New network code on cybersecurity for EU electricity sector,” March 2024. 
  12. U.S. Department of Defense, “Zero Trust for Operational Technology – Scope and Purpose,” November 2025 [online]
  13. ICS Investigation Expert Panel, Grid Incident in Spain and Portugal on 28 April 2025 — ICS Investigation Expert Panel Final Report, 20 March 2026.
  14. NREL, “Cybersecurity Standards Project: IEEE 1547.3,” 2024 [online
  15. RiskInsight-Wavestone, “IEC 62351 Standard: What cybersecurity measures are suitable for electrical networks?,” April 2024 [online
  16. NREL, “5G and Microgrids Might Be a Great Match,” 2024 [online]
  17. IEA, “Renewables 2024: Analysis and forecast to 2030,” 2024 [online]
  18. BloombergNEF, “2H 2025 Energy Storage Market Outlook,” 2025 [online]
  19. IEA, “Global EV Outlook 2025,” 2025 [online
  20. IEA PVPS, “Snapshot of Global PV Markets 2025,” 2025 [online
  21. Forescout Vedere Labs, “SUN:DOWN — Destabilizing the Grid via Orchestrated Exploitation of Solar Power Systems,” March 2025 [online
  22. C. MaGill and D. Saleem (NREL), “Cybersecurity Standards for Distributed Energy Resources: Gaps and Harmonization Strategy,” NREL/TP-5R00-92844, January 2025 [online
  23. M. Khatami et al., “Cybersecurity of distributed energy resource systems in the smart grid: A survey,” Applied Energy, vol. 385, 2025.
  24. Reuters (via Industrial Cyber), “US energy sector at risk, as Chinese inverters are under investigation for suspicious communication gear,” May 2025 [online
  25. NERC, “Cyber Security for Distributed Energy Resources and DER Aggregators,” White Paper [online
  26. U.S. DOE, “Energy Modernization Cybersecurity Implementation Plan,” December 2024 [online
  27. European Commission, “NIS2 Directive: Securing Network and Information Systems.” [online]
  28. NERC CIP-015, “Internal Network Security Monitoring,” FERC-approved July 2025.
  29. NARUC/DOE, “Cybersecurity Baselines for Electric Distribution Systems and DER,” 2025 [online
  30. IEEE Standards Association, “Protecting Our Power: Cybersecurity Standards for Distributed Energy Resources,” 2025 [online
  31. CSIP-AUS, “About CSIP-AUS,” 2025 [online] https://www.csipaus.org/about 
  32. IEC e-tech, “Cyber security for renewable energy systems,” Issue 2024-01 [online
  33. Ericsson, “The next-gen smart grid supported by 5G MCN,” July 2025 [online
  34. S. Katsikeas et al., “Cybersecurity and Resilience of Smart Grids: A Review of Threat Landscape, Incidents, and Emerging Solutions,” Applied Sciences, vol. 16, no. 2, p. 981, 2025.
  35. G. Dondossola, R. Terruggia, M. G. Todeschini, G. Bianco, L. D. Carpini and M. Modica, "Cybersecurity-Enabling Technologies: Digital Applications in the Energy Transition," in IEEE Power and Energy Magazine, vol. 22, no. 3, pp. 42-49, May-June 2024.

  • [1] "Latency" in this table refers to end-to-end information delivery time — from generation at the source to availability at the destination — not packet-level / TCP RTT. For Tier 3, this is dominated by scheduled exchange intervals (e.g., 5-minute settlement, 30-minute pre-dispatch, daily forecasts); underlying network packet latency is typically sub-second.

Suggested content

Resilience at the Edge: DER Integration Challenges for Information Systems, Telecommunications, and Cybersecurity

V. TAN, M. OWREN VALMOT, T. BIYELA, J. CASEIRO, G. DONDOSSOLA, D. HAEGDORENS, J. HONG, M. JAVOROVIC, S.C. LEE, J. LI, Y. NGO, M. UHLIN, C. ZHU

Top of page