The Cybersecurity Value At-Risk Framework, a hydropower-specific spin-off of the DER-CF, provides sites with a full cybersecurity review of their distributed energy resources. Photo from Rafael Kaup

To provide hydropower operators with complete and customized assessments of their cybersecurity risks and demonstrate the benefits of different investments, the National Renewable Energy Laboratory (NREL) and Argonne National Laboratory developed the Cybersecurity Value-At-Risk Framework (CVF).

The CVF is a hydropower-specific spin-off of the NREL-developed DER-CF, borrowing the DER-CF’s standardized cyber evaluation method and extending the scope to perform risk, impact, and likelihood scoring all within the valuation platform. Both frameworks follow the National Institute of Standards and Technology guidance for criteria like data handling, risk scores, and environmental footprint.

The CVF is a hydropower-specific spin-off of the NREL-developed DER-CF, borrowing the DER-CF’s standardized cyber evaluation method and extending the scope to perform risk, impact, and likelihood scoring all within the valuation platform. Both frameworks follow the National Institute of Standards and Technology guidance for criteria like data handling, risk scores, and environmental footprint.

Like the DER-CF, the CVF is an online tool that guides users through a detailed analysis of their plant’s operations. Users answer a series of questions, and their responses are then compared against multidimensional criteria for environmental, operational, and economic impact. Results and data from the CVF include specific risk probabilities and scores that are indicative of financial value and require cybersecurity improvements to withstand future threats.

The CVF was validated in an initial case study at the Lake Merwin Dam in Washington. Other utilities and federal agencies have also implemented the CVF and advised on its design. NREL offers opportunities for industry, university, and government agency members to leverage research expertise and state-of-the-art capabilities in cybersecurity. If you’re interested in a similar assessment for your site, fill out our technical assistance form fill out our technical assistance form.