Rooftop solar, wind generation, battery storage, energy management systems—today’s grid features an array of distributed energy resources (DER), many with smart capabilities and two-way communication built in. These resources connect to distribution systems that are also increasingly smart and interconnected.

Those features help make possible the efficient operation of an increasingly complex system. Unfortunately, they also increase the vulnerability of the grid and co-op systems to cyber attacks by expanding what security experts refer to as “the attack surface.”

This surface encompasses all the points where someone intending to disrupt the system could find their way in. Many smart DER devices have Wi-Fi connections to allow remote firmware upgrades, which could provide an opportunity for a hacker to deploy malicious software that could infect the co-op’s local area network.

“This is a relevant risk for any device a cooperative connects to sensitive networks that can receive firmware updates pushed from the manufacturer,” says George Walker, a technical research analyst with NRECA’s Business and Technology Strategies (BTS) unit.

Cynthia Hsu, NRECA’s cybersecurity program manager, says connected DER resources should be included in a co-op’s “defense in depth” cybersecurity plan, which minimizes access to key networks and keeps critical operational systems and devices behind firewalls.

“The best way to assess the risk is to do a security assessment,” she says. “Generally these are done as partnerships with a trusted vendor that brings in a specific skill set to challenge the systems and devices and identify vulnerabilities.”

Walker and Hsu agree that if properly managed, co-ops can strike the right balance between the benefits and the vulnerabilities associated with connected devices.

“Any automation we add increases the attack surface of our system somewhat,” Walker says. “But smart automation can also make our power system more resilient, and every day, co-ops across America are working really hard to make smart decisions about the trade-offs as far as automation is concerned.”