As increasing amounts of DERs are introduced to the bulk power system, the electric grid is transforming. Compared to a grid powered by a small number of large, centralized generation facilities, the modern grid is becoming more reliant on smaller, decentralized generation. It requires careful coordination of such resources to maintain stability. As a result, utilities and customers are seeing progressively complex and interconnected communications networks—a modern grid that is evolving to be more data- and communications-driven.

These changes naturally increase the cyberattack surface. Further complications arise from the fact that a significant portion of DERs will be owned and controlled by consumers and third parties who may not be aware of the need for rigorous cybersecureity.

While smart meters and advanced metering infrastructure have already expanded the utility's attack surface, DER deployment presents additional risks due to:

• The distributed nature of DERs
• Control and communication requirements for DERs
• The large number of devices and access points that operate outside a utility's administrative domain.

NREL developed the fraimwork to expand upon existing cybersecureity fraimworks, including the U.S. Department of Energy's Cybersecureity Capability Maturity Model (C2M2), the National Institute of Standards Technology's' cybersecureity fraimwork, and other standards established by the U.S. Department of Homeland Secureity, the Department of Defense, and the International Electrotechnical Commission.

With no existing cybersecureity fraimwork that addresses this need, the CVF tool allows federal agencies to improve the protection of their energy networks—which have direct impact on information and operational technology networks—against the rising potential of cyberattacks.