Resilience at the Edge: DER Integration Challenges for Information Systems, Telecommunications, and Cybersecurity
For most of its history, the electric grid worked outwards from a small number of large power stations. A handful of control centres oversaw a few thousand assets, polling rates were measured in seconds, and the architecture worked because the network was predictable. That assumption no longer holds. Australia hosts more than 4.2 million rooftop PV systems and 450,000 residential batteries. The United States passed 4.7 million residential solar installations in 2023. Global distributed-storage capacity is projected to quadruple by 2030 against a 2018 baseline, driven largely by electric-vehicle adoption [1]. Distributed Energy Resources (DER) are no longer marginal additions; they are reshaping the grid’s architecture and the data flows it depends on.
By Victor Tan (Australia, SC D2 Chair), Marit Owren Valmot (Norway), Thuthukani Biyela (South Africa), João Caseiro (Portugal), Giovanna Dondossola (Italy), Davy Haegdorens (Belgium), Junho Hong (United States), Mario Javorovic (Croatia), Seok-Chan Lee (South Korea), Jianing Li (United Kingdom), Young Ngo (Canada), Mats Uhlin (Sweden), Chaoyang Zhu (China)
The CIGRE SC D2 Focus Group on DER, established in September 2025, has examined what this shift means for information systems, telecommunications, and cybersecurity. Drawing on contributions from twelve countries, our central observation is that progress in any one of these three areas now depends on the other two, and that the integration paths different regions are taking are diverging.
The traditional grid, where bulk generators supply consumers in a predictable flow pattern.
In a grid with high DER penetration, power flow becomes multidirectional, placing additional strain on transmission and distribution infrastructure and requiring more data exchange for coordination.
Data exchange: the problem of scale and diversity
Grid operators today need visibility across two regimes. The first is utility-grade DER on distribution feeders. The second is the consumer-edge tier of rooftop PV, home batteries, and electric vehicles. Both are now operationally significant, and each has converged on its own family of standards. IEC 61850, DNP3, and IEC 60870-5-104 dominate the utility tier. IEEE 2030.5, SunSpec Modbus, OpenADR, and OCPP have emerged at the consumer edge, often layered above OEM-proprietary cloud APIs.
The practical consequence is reduced visibility at the distribution edge. Gigawatts of generation now operate outside utility real-time monitoring, contributing to forecasting errors, voltage violations, and reverse power flows that can threaten upstream stability. Meaning is also lost as data moves from a DER to an OEM platform, an aggregator, a DSO, and a market operator. Custom translation layers accumulate at every boundary, raising integration cost and attack surface.
Even where a protocol is agreed, the data-quality contract usually is not. Service-level agreements covering latency, accuracy, and completeness are rarely standardised. Italy is one of the few exceptions. Under CEI 0-16, a Plant Central Controller must be installed at the point of interconnection and exchange measurements with the DSO every four seconds, with the threshold soon dropping from 1 MW to 100 kW. For most other regions, requiring this rigour from small DER is not yet practical or economic. Establishing harmonised data-quality SLAs in connection agreements is a clear near-term priority.
Global DER deployment growth curve (2010–2030): exponential increase in distributed solar, storage, and EV-charging infrastructure across major markets, with projections to 2030 showing the scale of the integration challenge
Telecommunications: private resilience, public reach
Reliable telecommunications carry the required data exchange between the DER and other grid participants, and the economics of connecting millions of small assets is often a choice between using private or public networks. The focus group documented a clear divergence.
In Germany, Austria, and Sweden, utility consortia are deploying private 450 MHz networks. Low-band spectrum suits utility applications: wide-area coverage with comparatively few base stations, and good penetration into basements and dense areas where smart meters and inverters are typically installed. The Austrian and German projects target around 1,600 base stations engineered for 72-hour ride-through during a grid outage. Sweden has dimensioned its network for ten days of autonomy on battery and diesel backup [2].
Markets shaped by deregulation and scale, including the United States, Japan, Korea, and much of Asia, have largely accepted public 4G/5G, supplemented increasingly by Low Earth Orbit satellites. Japan’s Energy Resource Aggregation Business framework explicitly permits public LTE, Wi-Fi, and LEO bearers, on the condition that security controls compensate for reduced bearer reliability [3]. Korea has taken a hybrid approach, with private 5G for large assets and NB-IoT or LTE-M for smaller ones. The result is a two-speed system, where only well-connected DER can monetise low-latency services.
As for the telecommunications bearer, a tiered architecture is emerging. Sub-20 ms paths for protection are still dominated by fibre and microwave. Sub-second SCADA and voltage control sit in the middle. Market settlement and forecasting, with minute-to-hour exchange cadence, can ride the public internet. 5G URLLC may eventually compress these tiers, but the operational maturity and Quality-of-Service governance needed to deliver the headline figures consistently are not yet in place.
Cybersecurity: the shifting boundary
The connectivity that makes DER useful also extends the attack surface well beyond utility-owned assets. Sandia’s 2024 review of grid-connected inverters reported unencrypted storage, default passwords, and exposed debug ports. Forescout's SUN:DOWN report (March 2025) identified 46 new vulnerabilities across major inverter vendors [4]; a Forescout follow-up scan in June 2025 found around 35,000 solar devices directly reachable on the public Internet. It was estimated that, in specific frequency-event scenarios, control of as little as ~2% of Europe's installed solar could be sufficient to produce grid-level effects. The risk is rarely a single device; it is the aggregate effect.
Regulation is still catching up, and unevenly so. In North America, NERC CIP applies to the bulk power system but leaves most distribution-connected DER outside federal jurisdiction. In Europe, the NIS2 Directive and the Network Code on Cybersecurity now extend horizontal obligations to generators, DSOs, and EV-charging operators, although Member State transposition remains uneven. Italy goes further, requiring IEC 62351-protected IEC 61850 communications and IEC 62443-certified components at every CCI.
A common thread across regions is the role of the aggregator as a trust boundary. Aggregators now control gigawatts of distributed capacity but often operate under IT-sector governance rather than the OT reliability regimes that apply to traditional utilities. NERC has noted that a single compromised aggregator could affect more than a thousand assets. Japan’s ERAB v3.0 guidance, revised in May 2025, addresses this directly and requires DER to retain autonomous local control, so an island can keep operating if the link to the aggregator is severed [3].
Zero Trust principles are gaining traction, but applying them to secure legacy OT without introducing complexity and unintended impact to availability a challenging balance.
Conceptual view of a Zero Trust Architecture, where identity is verified with authentication and authorisation at every point of the network
Real world impact
On 28 April 2025, the Iberian Peninsula experienced the most severe European blackout in over twenty years. The ICS Investigation Expert Panel Final Report of 20 March 2026 attributes the cascade to the operational framework around inverter-based generation rather than to renewable penetration as such: voltage and oscillatory phenomena triggered widespread protective trips, with plants operating in fixed-power mode and without sufficient reactive-power support [5].
Two findings from the report relate directly to our article. First, DER below 1 MW had no real-time data obligation, so DSOs had no view of their behaviour during restoration; the aggregate response had to be reconstructed afterwards from manufacturer data.
Second, public telecommunications degraded as repeater batteries depleted, and operators fell back on satellite phones and mobile generators.
The mechanism was a protective-trip cascade, not a cyber incident, but the outcome, tens of gigawatts of inverter-based capacity disconnecting in seconds is similar in scale to what a coordinated large-scale attack on distributed inverters would aim to produce.
From this real-world example, and other experiences drawn from our community of power system experts, they highlight the critical role of DER visibility, telecommunications resilience, and cybersecurity preparedness including incident response and disaster recovery, in today’s dynamic grid.
Looking forward
The integration paths different regions have chosen, ranging from hardware-mandated conformity at the edge, to software-based aggregation in the cloud, from sovereign telecoms to public networks, and from regulation-imposed cybersecurity to voluntary adoption, reflect real differences in market structure and risk appetite of integrating DERs into the grid. They also produce fragmentation. Opportunities exist to review and learn from each region to consolidate best practices and experiences.
The Focus Group has identified further work in semantic interoperability, resilient telecommunications for black start, aggregator governance, Zero Trust in OT, coordinated-attack detection, and regulatory approaches.
A workshop titled “Challenges and Recommendations for DER integration to the grid from the perspective of information exchange, cybersecurity and telecommunications” will be held on 26 August 2026 during upcoming CIGRE Paris 2026 conference, where we look forward to further discussions with our international community on this important topic. Please visit this page for details.
References
- IEA, Renewables 2024: Analysis and Forecast to 2030, 2024.
- 450 MHz Alliance, Annual Global Update 2024, December 2024.
- METI Japan, Cybersecurity Guidelines for Energy Resource Aggregation Business v3.0, May 2025.
- Forescout Vedere Labs, SUN:DOWN — Destabilizing the Grid via Orchestrated Exploitation of Solar Power Systems, March 2025.
- ICS Investigation Expert Panel, Grid Incident in Spain and Portugal on 28 April 2025 — ICS Investigation Expert Panel Final Report, 20 March 2026.
Want to go further? Discover related Publications on eCIGRE
► TB 929: Advanced Consumer Side Energy Resource Management Systems
► TB 495: Communications Access to Electrical Energy Consumers and Producers
► TB 685: Communication solutions for information exchange in the smart delivery of electrical energy
► TB 796: Cybersecurity: Future threats and impact on electric power utility organizations and operations
► TB 892: Impact of governance regulations and constraints on EPU sensitive data distribution and location of data storage
► TB 936: Enhanced Information and Data Exchange to Enable Future TSO-DSO Coordination and Interoperability
Banner and thumbnail credit: AI generated image by Mariana Pedroza on Lummi