This blog post explores how the rapid deployment of distributed energy resources (DERs) is transforming cybersecurity requirements in the energy and utility sector. As utilities integrate solar panels, battery storage, smart inverters, and other DERs into increasingly complex grid architectures, they face unprecedented cybersecurity challenges that require specialized expertise. The piece examines the regulatory landscape, emerging threat vectors, and the critical shortage of qualified cybersecurity professionals who understand both grid operations and cyber risk management.
In brief:
- DER deployment is quickly expanding the attack surface. Thousands of connected devices give hackers more ways to attack as power companies shift from large central plants to neighborhood-level energy sources.
- There are 4.7 million unfilled cybersecurity jobs in 2025, with even fewer experts who understand both power grid operations and cyberthreats.
- Government regulations can’t keep up with rapid changes, especially for smaller energy systems that don’t fit existing rules.
- Old security systems are failing. Combining power plant controls with regular computer networks creates unanticipated new vulnerabilities.
- Hiring cybersecurity consultants for specific projects provides specialized energy expertise without the high costs and difficulty of finding full-time employees.
The energy sector faces a perfect storm: a severe cybersecurity talent shortage colliding with the massive security risks that distributed energy resources (DER) like solar panels and battery storage create.
Cyberattacks in the utilities sector have increased rapidly, with an 80 percent year-over-year increase in ransomware attacks on utilities companies in 2024. Sixty-seven percent of the world’s largest energy companies suffered a ransomware attack in 2024.
But it’s hard to find well-qualified cybersecurity employees to help mitigate these attacks. The 2024 ISC2 Cybersecurity Workforce study found that there are 4.7 million unfilled cybersecurity jobs worldwide, creating a severe talent and skills gap amid growing demand.
In the distributed energy resource sector, this creates a complex web of cybersecurity challenges around a vulnerable grid that requires specialized expertise. Add in fast-moving regulatory complexity, consumer safety, and economic impact, and the industry teeters on the edge of massive disruption.
The DER Revolution: Transforming Energy Infrastructure
Some experts say DER is having its third major energy revolution as we approach a carbon-free industry landscape. Companies are racing to update their infrastructure, engage the public with new initiatives, and make informed policy and investment decisions.
Defining the DER Landscape
The DER industry comprises small-scale energy resources located near electricity generation sites. It includes solar panels, battery storage, smart inverters, microgrids, and electric vehicles (EVs) — all exciting emerging technologies that are being rapidly deployed. These tools reduce carbon emissions, empower consumers to participate in sustainability, and future-proof our energy resources.
However, over the last decade, DER has strained the existing electrical grid. In the U.S. alone, solar deployments are growing annually by 28 percent, and worldwide, over 20 percent of new cars sold were electric. This creates challenges for the traditional power grid: it introduces variability, exposes infrastructural limitations, and requires advanced coordination across different platforms and systems.
The Shift From Centralized to Distributed
Historically, electricity flowed one way from power plants to consumers. Now, distributed systems have multiple small-scale generators located near the point of use. The system sends power back and forth, and this requires advanced real-time monitoring and control to optimize operations.
Regulatory Drivers Accelerating DER Adoption
Government policies and utility mandates are also driving the intense growth of DER. The U.S. Department of Energy (DOE) is funding grid modernization and programs that speed up the adoption of renewable energy at scale, such as expanded tax credits as long-term incentives for solar or EV infrastructure. States like California are embracing new utility mandates that fully integrate DER into the old systems.
The Big Beautiful Bill, introduced by President Trump, temporarily rolls back some of the renewable energy initiatives and modifies tax incentives. Yet, despite these new regulatory changes, project demand in the DER industry is still growing. Regardless of the long-term effects of these new regulations, they underscore the rapid pace of the modern energy sector.
Now that we have a better understanding of the modern DER landscape, let’s discuss the cybersecurity challenges it presents.
New Cybersecurity Challenges in the DER Era
With an expanded grid comes a larger attack surface, thousands of unique threat vectors, and a growing need for edge cybersecurity.
My colleague Bethany Deeds, data protection and audit manager, says, “DERs face different cybersecurity vulnerabilities compared to traditional energy infrastructure, such as a vastly expanded attack surface, weakened perimeter, divided administration, insecure communication protocols, physical cyber interdependencies, and significant supply chain risks.”
Expanded Attack Surface
Now, thousands of interconnected devices are vulnerable points for cyberattacks. Edge computing is especially vulnerable. More and more enterprise data is handled at the edge, making it a gold mine for cybercriminals.
Additionally, even typical energy communication protocols such as DNP3, IEC 61850, and IEEE 2030.5 often leave gaps that can be exploited for spoofing and man-in-the-middle attacks, potentially disrupting grid stability significantly. They simply weren’t built for modern cybersecurity.
Unique Threat Vectors
Cybercriminals get creative with DER attacks. They perform device-level attacks on inverters and controllers and work to infiltrate the sensitive global supply chain through DER components. They also coordinate attacks to overload DER installations and attempt to breach data within distributed monitoring systems.
Operational Technology and Information Technology Convergence
Additionally, traditional operational technology (OT) and information technology (IT) often operate in silos, and cloud connectivity and remote management introduce risks within these disparate systems. Integrating them with enterprise systems and third-party platforms makes it a situation ripe for exploitation, with potential for lateral movement and unauthorized access.
Regulatory Complexity and Compliance Challenges
The cybersecurity landscape is changing faster than ever, and regulators are implementing a slew of rapid changes concurrently. These evolving frameworks are complex and interconnected, typically requiring outside, third-party support.
For example, the expanded scope and asset classification in the 2025 NERC CIP bring DER more fully into the regulatory perimeter after years of limited oversight.
Evolving Regulatory Framework
Within the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standards, DER is growing more relevant. FERC Order 2222 enables DER to participate in wholesale energy markets through aggregation, which increases exposure to cybersecurity risks.
New cybersecurity regulations can vary significantly by state, making it challenging to rely on general guidelines. This creates points of vulnerability across different locations.
Compliance Gaps and Gray Areas
DER struggles in traditional compliance because legacy guidelines simply don’t account for evolving regulations, decentralized infrastructure, and the growing demands of modern cybersecurity.
For example, many small and medium-sized DERs don’t fall within the size thresholds that existing rules apply. It’s also unclear who owns cybersecurity within DER, and the complexity of cross-jurisdictional compliance creates overlapping and inconsistent regulations.
Without a unified framework, it’s tough to manage security complexities at scale.
Emerging Standards and Best Practices
Standards bodies are working to lay the groundwork for consistent DER cybersecurity. Industry standards from organizations such as IEEE, IEC, and NIST can provide foundational best practices for access control, device connectivity, integration, and data encryption.
Other initiatives, such as the DOE’s Cyber-Informed Engineering group, create task forces to bring together platforms and regulators to run pilot programs and share lessons learned. Also, companies are encouraged to adopt frameworks proactively to build trust and secure infrastructure voluntarily.
Deeds also highlights key compliance gaps that have existed forever: “Low-impact assets were historically underprotected, and distribution systems were extremely fragmented. Regulations around vendor and supply chain are still catching up, and smaller utilities and co-ops with limited cybersecurity expertise and budgets are struggling to rapidly adopt these new controls.”
Now that we’re clear on the major regulatory challenges and complexities, let’s also discuss the growing cybersecurity talent gap within the energy and utilities sector, which exacerbates the situation.
The Cybersecurity Talent Gap in Energy and Utilities
Sixty-seven percent of organizations report a moderate-to-critical skills gap in cybersecurity. The cybersecurity workforce gap increased by 19 percent to over 4.7 million unfilled jobs in 2024, and projections indicate it’s not expected to improve.
Skills Gap Analysis
Energy companies aren’t just looking for people with traditional cybersecurity skills — they have specific energy sector cybersecurity requirements for their talent. For example, a traditional IT expert might secure a cloud server but feel uncertain about how to implement a DER in the cloud. There’s an intense need for cross-domain expertise that combines grid operations and cybersecurity skills, but there’s a massive shortage of qualified candidates with both backgrounds.
In-Demand Expertise and Certifications
Energy-specific cybersecurity certifications, such as the NERC System Operator and SANS ICS, are in high demand, as well as engineering backgrounds in electrical power systems. These are specialized certifications that delve deeper than standard IT knowledge, encompassing grid system operations and industrial protocols.
Plus, it’s helpful when workers have regulatory compliance and audit experience in addition to developing and implementing incident response for critical infrastructure.
Workforce Development Challenges
Reskilling the entire existing workforce is never an easy answer. There are long training cycles for specialized knowledge, workforce competition with other infrastructure, and budget constraints that limit permanent, full-time hires. Additionally, expertise is sometimes unevenly distributed geographically, clustering in areas such as energy-rich Houston, Texas, or policy-driven Washington, D.C. This makes it difficult for rural locations to access this specialized talent.
We’ve introduced the challenges surrounding the complex DER landscape, including the rise in cybersecurity attacks, rapidly evolving industry regulations, and a growing talent gap. Now, let’s discuss the potential solution: fractional and project-based cybersecurity support.
Strategic Solutions: Fractional and Project-Based Cybersecurity Support
More modern alternatives to traditional hiring include fractional chief information security officers (CISOs), advisory services, and project-based DER employment. Not only are these solutions more cost-efficient, but they’re also more specialized. Organizations can access deep expertise without long-term commitments.
It’s a scalable and flexible solution built for evolving DER programs, regulatory compliance guidance, proactive gap assessments and risk management framework development. Expert project-based and program support companies like Centric Consulting can help build DER cybersecurity assessments, penetration testing, incident response planning, and tabletop exercises for real-world simulations. An expert strategic partner also helps evaluate third-party threats and supply chain risk management.
With fractional and project-based specialized support, projects can remain ongoing. A long-term strategic partnership means continuous monitoring and ongoing threat intelligence, regular compliance audits and preparation, and consistent training and awareness programs for internal teams.
Additionally, a true long-term partner knows your organization better than any one-time provider. For example, they are likely aware of upcoming leadership transitions, new business plans, expansions, and future-facing operational risks that may not yet exist.
Accelerate DER Growth With Flexible Cybersecurity Workforce Models
The DER industry represents incredible gains in sustainability and a greener, more connected future. However, the industry is facing significant growing pains with new and shifting regulations, an underskilled workforce, and increasingly sophisticated cyberthreats.
As a leading managed cybersecurity services provider in the energy sector, Centric Consulting works to build long-term resilience and turn your greatest headache into your most significant competitive advantage.
Start by assessing your cybersecurity readiness for DER, and work with a third-party provider like Centric to navigate this complex landscape. The future of grid cybersecurity requires adaptive strategies that the traditional, full-time hiring model cannot deliver. Together, we need to redesign the DER workforce to create a distributed and data-driven model for smart grid security.