As we inch closer to February 2022, the energy industry is preparing and closely watching what FERC Order 2222 will bring. According to FERC, it is heralded as the regulatory vehicle that will enable Distributed Energy Resources (DER) and their aggregators to participate alongside traditional generation resources in the regional wholesale markets. More specifically, it will “provide a variety of benefits including lower costs for consumers through enhanced competition, more grid flexibility and resilience, and more innovation within the electric power industry.” Given the proliferation of DERs and the forecasted projections, the industry concludes the installed capacity and output will continue to rapidly grow over the next few years. Developing a regulatory landscape makes sense to not only ensure fair and competitive practices, but to also manage risks, both in grid reliability and cybersecurity.

According to Sean Mcevoy of Veritone, the most pressing challenge is managing and processing all the data needed to accurately forecast energy supply while at the same time coupling it with optimized pricing to be competitive while not impacting reliability. California is already pressing ahead with not only encouraging DER development and piloting, but also legislating it into existence. Kavya Balaraman, writing for Utility Dive, describes what the California Public Utilities Commission (CPUC) has been doing with regards to pressing ahead on this front. One of the major concerns expressed by regulators is how this rush to market may not only impact cost, but also accessibility for customers to participate using their own renewable and storage resources.

Download NERC Order 2222 Fact Sheet

This brings us to the next challenge facing DER aggregators – cybersecurity. In one of my earlier articles for Energy Central, I discussed DERs and the Rise of the Peer-to-Peer (P2P) Energy Marketplace. One of the important tools needed for making this initiative a reality for prosumers (consumers and producers of energy) is a digital platform that can not only allow them to manage their individual renewable and storage resources behind the meter, but also participate in a community or utility aggregator market. Of course, this reality will also present its own cybersecurity risks, not only at the distribution level, but also at the platform itself. FERC has stated in no uncertain terms that the current CIP standards are insufficient given the expected sophistication of cyberattacks against the electric utility industry. Eventually, CIP standards will not only impact distribution assets and IT, but ultimately the assets and platforms that manage aggregation or even behind the meter resources.

Recent experiences serve as a valuable learning tool, such as the ransomware attack on the Colonial Pipeline and how their vulnerability was exploited. We also see a new cautious approach from the legislative side as well, such as California Governor Gavin Newsom proclaiming natural gas to be zero-carbon. Perhaps the realization of lunging ahead with ambitious renewable goals without planning an adequate transition has brought about a much-needed pause to reevaluate. This pause seems to have led legislators to change their vernacular deeming a once vilified fuel once again acceptable. In this same vein, if we don’t pause in how we reach ahead with DERs and their management to put adequate cybersecurity measures in place, we can only hope and prepare for what may be a regulatory landscape that will require it.