Date: February 1, 2019
Recently developed Distributed Energy Resource (DER) interoperability standards include communication and cybersecurity requirements. In 2018, the US national interconnection standard, IEEE 1547, was revised to require DER to include a SunSpec Modbus, IEEE 2030.5 (Smart Energy Profile, SEP 2.0), or IEEE 1815 (DNP3) communication interface but does not include any normative overarching cybersecurity requirements. IEEE 2030.5 and associated implementation requirements for California, known as the California Smart Inverter Profile (CSIP), prescribe the greatest security features—including encryption, authentication, and key management requirements. SunSpec Modbus and IEEE 1815 security requirements are not as comprehensive, leading to implementation questions throughout the industry. Further, while the security features in IEEE 2030.5 are commonly used in computing platforms, there are still questions of how well the technologies will scale in highly-distributed, computationally-limited inverter environments. In this paper, (a) the elements of IEEE 2030.5 encryption, authentication, and key management guidelines are analyzed, (b) potential scalability gaps are identified, and (c) alternative technologies are explored for possible inclusion in DER interoperability or cybersecurity standards.