Securing the future: Cyber-physical security of distributed energy resources in the UK grid

The UK’s energy transition to a decentralised energy system hinges on the secure integration of Distributed Energy Resources (DERs). However, without robust cyber security, the benefits of decentralisation could be eclipsed by systemic vulnerabilities.

Our latest whitepaper, "Cyber-physical security of distributed energy resources in the UK grid", delves into these challenges and offers actionable insights and security guidance.

Understand the impact of DERs: Technical vulnerabilities open the door to attack

DER devices, such as solar PV systems, battery storage and EV chargers, are potential entry points for cyber attacks. Critical flaws in firmware and insecure APIs expose these devices to threats like remote code execution and data interception.

At the same time, the energy sector faces intensified threats, with vulnerability-based attacks surging by 124% in Q3 2024 alone. Adversaries can weaponise disclosed vulnerabilities within hours, bypassing traditional patch management cycles.

Attack consequences could be severe. A coordinated attack on DERs could mimic a DDoS event, overwhelming grid infrastructure. And firmware manipulation could bypass protection settings, creating a new class of grid malware.

Plus, attack consequences might not be immediately apparent. DERs, as edge devices with limited defences, are attractive targets for intruders to gain access, move laterally into critical Operational Technology (OT) systems, and bide their time, undetected. 

Regulatory gaps increase uncertainty 

A significant issue is that current regulations, including Engineering Recommendations G98, G99 and G100, focus on electrical safety evidence and testing in detail. However, specific cyber security testing and evidential requirements are less explicit, creating systemic risks, especially considering such equipment’s rapid and large-scale deployment. This puts additional pressure on those adopting DERs to build appropriate defences.

Next steps in securing DERs  

Securing DERs requires a multi-layered approach, including secure development lifecycles, third-party cyber security testing, anomaly detection, secure telemetry, and secure Over-the-Air (OTA) firmware updates.

To support the UK energy sector, we offer a comprehensive portfolio of cyber security services to address the specific challenges of securing DERs and the broader energy ecosystem. Our capabilities span secure design, validation, operational resilience and incident response.