These baselines, coupled with the implementation guidance, are intended as resources for state public utility commissions, utilities, and DER operators and aggregators.
The National Association of Regulatory Utility Commissioners has partnered with the U.S. Department of Energy, Office of Cybersecurity, Energy Security, and Emergency Response (CESER) to develop a set of cybersecurity baselines for electric distribution systems and distributed energy resources (DER) that connect to them. This initiative recognizes that cybersecurity is an integral underpinning of power system resilience and builds on work that states have undertaken over the last decade to mitigate cybersecurity risk across their critical infrastructures.
The interim guidance focuses on two topics essential to Cybersecurity Baselines implementation: asset scoping and baseline prioritization. This information helps focus implementation to the most critical assets and protects them via application of the highest-priority baselines. The intention is to provide a starting point from which a solid cybersecurity foundation can be built and later expanded upon, following a risk-informed roadmap.
Resources
What's Next
The next step is to develop more detailed implementation guidance for entities interested in adopting the Cybersecurity Baselines as foundational cybersecurity requirements. Guidance will consider both voluntary and mandatory settings and include considerations for stakeholders of differing ownership models, sizes, and maturity levels. Topics such as engagement strategies, compliance approaches, and resource requirements will be included.
When completed, a final guidance will replace the interim draft. Look for the final version of the Implementation Guidance for Cybersecurity Baselines for Distribution Systems and DERs in mid-2025.
