Critical Energy Cybersecurity Accelerator

Led by NREL, the Critical Energy Cybersecurity Accelerator^TM (CECA) advances cyber innovation to defend modern, renewable energy technologies against high-priority cybersecurity risks to the energy sector.

New technologies and architectures are integrated into legacy systems every day, increasing complexity and introducing the potential for new cyber vulnerabilities to emerge. Now is the time to integrate cyber innovations into our nation's energy systems to ensure we outpace evolving threats.

In support of this, CECA has two concurrent evaluation tracks: (1) The market-ready track evaluates commercial solutions, and (2) the premarket track evaluates technologies within the U.S. Department of Energy's (DOE's) portfolio.

Facilitated by NREL, CECA evaluates selected solutions and technologies against realistic threat scenarios to accelerate their adoption and transfer to market.

Leading Efforts To Secure the Grid

CECA is an important element of the White House's National Cybersecurity Strategy, a major milestone in the journey toward a more secure, connected, and resilient future for all Americans. For details, see strategy Pillar 4: Invest in a Resilient Future.

Market-Ready Track
Premarket Track

CECA's market-ready track assesses commercial technologies that offer solutions to critical risks and challenges identified by electric utilities, with each cohort focused on a different theme.

Participating members can expect to exit the program with competitive experience, new partnership opportunities, and professional evaluations related to the most urgent cybersecurity challenges facing modern energy systems.

Cohorts

In 2022, CECA convened its first cohort of cybersecurity solution providers to research and develop technologies. The innovators delivered valuable insights about the efficacy and applicability of solutions in common-system configurations under realistic threat scenarios.

The CECA Cohort 1: Authentication and Authorization summary report highlights technology applications for verifying the identity and permissions of energy system devices. CECA's evaluations are part of an ongoing conversation and collaboration between utilities and industry partners to bolster U.S. cyber resilience against current and future adversaries.

In addition to documenting the research process and outcomes, the report includes:

A summary of the theme and challenge of this first cohort
An introduction to the solution providers and their technologies
A description of the Advanced Research on Integrated Energy Systems (ARIES) Cyber Range
A list of the threat scenarios and key takeaways from the test and evaluation results.

CECA Cohort 2 focused on delivering solutions that identify industrial control system assets connected to a utility's infrastructure—including unauthorized, unmanaged, or compromised assets requiring removal or remediation. The solution providers that participated in Cohort 2 were runZero and Asimily.

The solutions underwent rigorous testing in a cyber-physical environment, including a representative architecture of operational technology hardware-in-the-loop, to assess the richness of the identified asset information and their impacts on the environment, among other key features. Read the runZero Public Report and the Asimily Public Report.

Program Eligibility

CECA follows a down-selection process to determine the topic of each cohort, which dictates the environment, threat emulations, scenarios, and length of the evaluation. Cohorts go through an accelerator period of 3 to 6 months, sharing ideas and threat intelligence before validating solutions in the lab. To be eligible for the program, interested solution providers must:

Be a U.S.-owned or U.S.-controlled company
Offer technology solutions that align with the topic of the cohort
Be at a technology readiness level 6 or above as defined by DOE's Technology Readiness Assessment/Technology Maturation Plan Process Guide (see appendix for definitions).

This initiative is sponsored by DOE's Office of Cybersecurity, Energy Security, and Emergency Response in collaboration with the Office of Energy Efficiency and Renewable Energy and NREL. Strategic direction and cost-sharing is provided by utility partners.

CECA's premarket track aims to advance the technology readiness levels of cutting-edge cybersecurity technologies across DOE's 17 national laboratories that fill critical technical gaps within the current marketplace.

Technologies in this track receive iterative laboratory testing in realistic energy environments, commercialization support, and resources for industry engagements. They are also benchmarked, pre- and post-evaluation, against DOE's Technology Readiness Assessment/Technology Maturation Plan Process Guide.

Government technology owners who are interested in being considered for CECA's premarket technology evaluation track are invited to subscribe to the CECA mailing list.

Cycles

In 2024, CECA launched the premarket technology track pilot. In the proof-of-concept pilot, CECA evaluated the Cybersecurity Situational Awareness Tool (CYSAT), exposing it to new environments, new technologies, new data, and new attack scenarios. Through testing, the CYSAT development and CECA research teams expanded the tool’s application, added functionality, improved its scalability, and increased its technology readiness level from 3 to 4. Commercialization support through the program is helping the CYSAT development team identify steps toward higher technology readiness levels.

A call for applications for the first post-pilot evaluation, Cycle A, will be announced in February 2025. Along with DOE’s Office of Cybersecurity, Energy Security, and Emergency Response, CECA will review applications from a pool of cybersecurity technologies within DOE’s research and development portfolio and will conduct test integration acceleration cycles in 2025.

This initiative is sponsored by DOE's Office of Cybersecurity, Energy Security, and Emergency Response.

Cyber Range Technical Assessment

Solutions in both tracks undergo testing in the Advanced Research on Integrated Energy Systems (ARIES) Cyber Range. With connection to more than 20 MW of energy system hardware, this environment subjects the technologies to realistic threat scenarios, facilitated by NREL staff. ARIES users can evaluate technologies at scale through real-time visualizations of proactive defense and automated response.

Subscribe to receive CECA email updates related to current and future cohorts.

Subscribe to NREL's quarterly Innovation and Entrepreneurship Center Newsletter to learn how NREL is helping cleantech startups accelerate their paths to market.

Subscribe to NREL's monthly Energy Systems Integration Newsletter for updates on energy security and resilience.

Contact

Contact the CECA program administrator with questions.