A new generation of Energy Management Systems (EMS) is reshaping how grid operators, utilities, and large asset owners coordinate distributed energy resources (DERs)-with interoperability standards, open data models, and cybersecurity compliance now central to procurement and deployment decisions. The shift reflects both accelerating DER penetration and intensifying regulatory scrutiny of software and hardware components in critical infrastructure.
Background
Historically, power transmission and distribution have been managed as largely separate operational domains, but that separation is no longer sustainable as the boundaries between the two continue to blur. According to Hitachi Energy, transmission system operators now require real-time visibility into downstream activity-including rooftop solar, batteries, EV charging, flexible demand, and sub-transmission networks-while distribution operators need awareness of upstream constraints, voltage conditions, and system-wide stability risks.
DER adoption and grid decentralization are accelerating to meet global targets for net-carbon-neutral energy generation by 2030 and full carbon neutrality by 2050. However, the shift in generation topology has multiple effects on the grid, including altered user behavior and increased system complexity driven by DER generation variability-negatively affecting both control methods and EMS performance.
A review published in IET Renewable Power Generation found that next-generation control methods must execute a greater number of control actions across an increasingly varied mix of generator types, with higher fidelity, and in a coordinated manner across a larger, more complex system.
Details
EMS platforms are no longer passive monitoring and alarm tools-they are becoming the digital backbone of grid operations, actively coordinating assets, data, and decisions across the entire value chain.1IEEE SA - Protecting Our Power: Cybersecurity Standards for Distributed Energy Resources Hitachi Energy describes this evolution along two critical dimensions: coordinated control across transmission and distribution, and the ability to react faster than before.
On the interoperability front, the IEC 61970-301 Common Information Model (CIM), maintained by IEC Technical Committee 57, provides a standardized EMS application programming interface (API) for exchanging semantic data across power systems. By representing power system resources as object classes and attributes, the CIM facilitates the integration and interoperability of network applications developed independently by different vendors. Major EMS vendors have adopted the format to enable data exchange between their applications, independent of internal software architecture or operating platform.
Cybersecurity has emerged as the most contested regulatory front. IEEE 1547-2018, the foundational standard for DER interconnection and interoperability, did not mandate cybersecurity requirements at the DER interface. NREL is co-leading an effort to update the cybersecurity portion of the IEEE 1547-2025 standard revision. The working group includes contributors from across the energy sector and research institutions-utilities, national laboratories, aggregators, vendors, manufacturers, cloud service providers, and system integrators.
IEEE 1547.3-2023, developed by the IEEE SA Distributed Generation, Energy Storage and Interoperability Standards Committee, provides guidelines for the cybersecurity of DERs and their interconnection with electric power systems. A large majority of DERs today rely on management systems that communicate with electric power systems over the public internet, leaving the grid-DER interface vulnerable to cyber interference and attacks.
The exposure is not theoretical. A cybersecurity incident in Utah in March 2019 demonstrated how attackers can corrupt communications-in that case, exploiting vulnerabilities in security firewall devices to halt communications between system operators and distributed wind and solar utilities.
At the regulatory level, NARUC and the U.S. Department of Energy jointly developed Cybersecurity Baselines for electric distribution systems and DERs, defining the minimum set of cybersecurity controls that should be considered. These baselines may be used by regulatory bodies, electric distribution utilities, and DER aggregators as a framework for developing cybersecurity requirements in conjunction with Phase 2 implementation strategies. Separately, the National Association of Regulatory Utility Commissioners and the National Association of State Energy Officials are leading an advisory team that provides tools, access, and technical assistance to states, utilities, and the solar industry to develop cooperative cybersecurity strategies.
Outlook
Regulatory milestones over the next 12 to 24 months-including completion of the IEEE 1547-2025 revision and finalization of NARUC Phase 2 cybersecurity implementation guidance-are expected to directly shape EMS procurement requirements for utilities and asset owners. Utilities, independent system operators, distribution system operators, and transmission system operators continue to push for updated DER interconnection standards with enhanced grid-support functions. For facility managers and building owners, the convergence of open data models, standardized APIs, and enforceable cybersecurity baselines signals that EMS platform selection will carry increasing regulatory and operational weight.
