Cyber-Physical Security of Distributed Energy Resources in the UK Grid

This report is a technical document that examines the cyber security vulnerabilities associated with Distributed Energy Resources (DERs) in the UK grid. It outlines the challenges posed by the transition to a decentralised energy system, driven by Net Zero targets, and highlights the increased cyber-physical attack surface created by the deployment of technologies such as solar PV systems and electric vehicle chargers. The report details specific vulnerabilities in DER devices, including remote code execution flaws, cryptographic weaknesses, and supply chain risks. It also evaluates the regulatory landscape, noting gaps in existing standards like G98, G99, and G100, which inadequately address cyber security requirements. Furthermore, the report presents a multi-layered defence strategy and technical recommendations for securing DERs, emphasizing the need for secure development lifecycles, independent cyber security testing, and adherence to established standards. The document aims to strengthen the resilience of the UK's energy infrastructure against evolving cyber threats.