This training provides an introduction to the Distributed Energy Resources Risk Manager (DER-RM). The DER-RM application is a tool for managing authority to operate (ATO) energy systems and renewables. The DER-RM is an extension of the National Renewable Energy Laboratory's (NREL) DER Cybersecurity Framework (DER-CF) (dercf.nrel.gov), a much broader tool for mitigating gaps in cybersecurity at facilities and organizations. The DER-CF involves increased emphasis on physical security and technical management as well as a sharper focus on distributed energy technologies, whereas the DER-RM specifically focuses on the NIST Risk Management Framework, containing controls from the NIST 800 series; a major undertaking for federal sites and a critical framework for secure operations. This training, will outline and go over each step of the DER-RM: Prepare, Categorize, Select, Implement, Assess, and Authorize by overviewing an example system going through the ATO process.
Instructors
Tami Reynolds, Cybersecurity Project Manager and Lead, National Renewable Energy Laboratory Read Bio
Tami Reynolds is a project manager and lead for the Cybersecurity Evaluation and Application group at the National Renewable Energy Laboratory (NREL). She provides technical leadership in building out and marketing the Distributed Energy Resources Cybersecurity Framework (DER-CF) tool to industry and federal partners. She works closely with partners to develop a deep understanding of applying the U.S. Department of Energy (DOE) Cybersecurity Capability Maturity Model (C2M2) and National Institute of Standards Technology (NIST) Cybersecurity Framework to their renewable and distributed energy systems for the evaluation of cyber and physical security. Tami provides leadership in developing the Distributed Energy Resource Risk Manager (DER-RM), an NREL tool that will address the NIST Risk Management Framework with a focus on distributed energy resources. She works closely with chief information officers and chief information security officers of private industry partners to conduct cybersecurity assessments in the electric sector and provides support to the U.S. Agency for International Development in developing cybersecurity programs in developing countries. Tami's insight and innovative ideas on new efforts are helping to merge cybersecurity and resilience research.
Ryan Cryar, Cybersecurity Researcher, National Renewable Energy Lab (NREL) Read Bio
Ryan Cryar is a cybersecurity researcher in the Energy Security and Resilience center at the National Renewable Energy Laboratory. During his tenure at NREL, Ryan has conducted research and authored many papers focusing on cybersecurity of renewable energy resources. Ryan is a core contributor to UL 2941, IEEE 1547.3, and has led collaboration efforts with industry stakeholders. Ryan currently leads several efforts at NREL resulting in many state of the art technologies in the renewable energy sector, including the Distributed Energy Resources Cybersecurity Framework (DER-CF) and Distributed Energy Resources Risk Manager (DER-RM). Ryan's background is in computer science, applied mathematics, and cybersecurity. His research interests include applied cryptography for renewables, adversarial analysis of distributed systems, and software defined networking.
Learning Objectives
Upon completion of this training, attendees will be able to:
- Understand the importance of the authority to operate (ATO) process and how the DER-RM can help;
- Recognize, through new architecture, what is required to conduct an ATO process;
- Pinpoint and correct any information when provided with an ATO report; and
- Apply techniques which will streamline and manage their organization's ATO processes.
