Abstract
Integrating OpenADR in smart grids enhances demand-response but introduces cybersecurity risks that must be addressed early in the planning phase. This paper presents a cybersecurity risk assessment case study for Lnett, a Norwegian DSO planning OpenADR implementation. Using a six-step, lightweight method, we identified 10 key cybersecurity risks. Stakeholder feedback highlighted the method’s structured approach, iterative process, and external expertise, while also noting challenges in defining the analysis object and tracking documentation. We derived six lessons and practical recommendations for DSOs implementing OpenADR or similar protocols, contributing to stronger cybersecurity resilience in demand-response systems and informing future smart grid risk assessments.