Second Cohort of Clean Energy Cybersecurity Accelerator Continues System Visibility Evaluations
Agility is key to responding to cybersecurity threats to the U.S. energy sector, but to navigate digital communication networks adeptly, the sector must first understand them at a deeper level.
The Clean Energy Cybersecurity Accelerator (CECA) program, in partnership with the U.S. Department of Energy’s (DOE’s) Office of Cybersecurity, Energy Security, and Emergency Response and utilities, aims to decrease cybersecurity risk in the electric sector by expediting the deployment of emerging operational technology (OT) security technologies. Following a successful first cohort, CECA convened a second round addressing the complexity of industrial control systems (ICS) and risks arising from incomplete system visibility. That work includes a recently completed evaluation of the runZero Platform.
A newly released summary report details CECA’s evaluation of Asimily’s risk management platform. The National Renewable Energy Laboratory (NREL) tested the platform, which raises visibility of connected devices by bolstering capabilities in device inventories, device vulnerability mitigation, risk modeling, threat detection, and incident response. Solutions selected to participate in CECA cohorts are evaluated using the Advanced Research on Integrated Energy Systems (ARIES) Cyber Range, a research environment that allows users to emulate and visualize digital communication networks and energy systems at an unprecedented level of granularity.
Nick Blair, technical team lead at NREL, highlighted the unique challenges and opportunities that arise when adapting cybersecurity strategies to meet the evolving demands of OT and future energy systems.
“CECA Cohort 2 focuses on the first function of the National Institute of Standards and Technology Cybersecurity Framework—identify,” Blair said. “It’s fascinating to see how different companies have tried to address this function in energy systems and what niches they can fill. While there are numerous mature ways to do this in an information technology context, we’re looking at this problem through the lens of OT and future energy systems.”
Evaluating Asimily in CECA Cohort 2
Utility industrial control systems are dispersed, complex, and comprise various devices and protocols. Such complexity makes full visibility and risk awareness challenging.
The second solution tested in CECA Cohort 2 was Asimily’s risk management platform, which secures Internet of Things (IoT) devices for healthcare, manufacturing, the public sector, and other industries that depend on their numerous connected devices.
Asimily’s solution examines network traffic and parses protocols to aid with inventory management, vulnerability mitigation, and threat detection and investigations. The platform classifies devices, applications, services, and connections into families through use of a protocol analyzer, deep packet inspection, and machine-learning-based analysis.
CECA evaluated Asimily’s solution using varying scenarios. As in the runZero evaluation, the evaluation plan showcased how characteristics of the solution led to important performance outcomes, including:
- How many assets the solution correctly identifies
- The level of detail of the data collected by the solution
- The amount of additional network traffic the solution adds
- If and how the solution affects operations
- Whether the solution notifies users of unexpected devices on a network
- How the solution tracks changes to assets over time.
CECA tested solution characteristics across four scenarios. Scenario 1 examined how a solution performed when discovering a new environment not encountered previously and evaluated inventory accuracy, data richness, and additional network traffic. Scenario 2 examined how a solution tracked changes to an environment and evaluated change detection and alerts. The objective of Scenario 3 was to evaluate how a solution performs using alternative methods for asset discovery, looking at inventory accuracy, data richness, additional network traffic, and disruption of operations. Finally, Scenario 4 charted how a solution performed at scale, evaluating inventory accuracy, additional network traffic, and alerts.
Asimily’s solution identified all assets for which it was able to sample traffic consistently and rapidly. The solution’s ability to highlight network assets can assist critical infrastructure owners and operators in identifying risks they might otherwise miss. Asimily’s hybrid methodology of passive sampling and periodic targeted active scanning led to some enhanced visibility of networked devices without significant impact to system availability.
“Asimily starts with sampling traffic, but then does a lot of analysis on the back end to extract insights about the environment,” Blair said. “It’s interesting how they are able to build a picture of the environment and highlight risks that might not be obvious to an asset owner.”
Asimily CEO Shankar Somasundaram noted that the company is pleased to help advance OT security in the energy sector.
“Asimily is proud to showcase our solution to DOE and NREL, highlighting its role in advancing OT security for future energy systems,” Somasundaram said. “This evaluation demonstrates Asimily’s comprehensive capabilities, which are crucial for managing OT assets in the environment. Our distinctive ability to provide clear insights into connected assets will empower utilities to significantly reduce risk.”
Dive into a more detailed summary of the Asimily evaluation and read the full report.
CECA is managed by NREL and sponsored by the DOE Office of Cybersecurity, Energy Security, and Emergency Response and utility partners in collaboration with DOE’s Office of Energy Efficiency and Renewable Energy.
Read more about CECA, program eligibility, and a summary of findings from Cohort 1 and subscribe to CECA email updates.