Clean Energy Cybersecurity Accelerator: Cohort 2

NREL’s Clean Energy Cybersecurity Accelerator (CECA) sought to address the inherent physical and technological breadth, variation, and complexity of industrial control systems (ICS) with Cohort 2.

As market forces drive the electric sector to build a smarter grid powered by renewable energy, digital technologies enable innovative operational models through advanced monitoring and control in industrial control systems.

Clean Energy Cybersecurity Accelerator Cohort 2: Uncovering Hidden Risks on Utility Networks logo.

ICS networks often contain a rich mix of devices developed by multiple vendors over a substantial range of time. Such technological diversity limits asset owner visibility into systems. Cohort 2 evaluated solutions designed to identify risks posed by the lack of visibility into ICS and tested the ability of solutions to improve asset owners’ ability to accurately identify known and unknown devices that are connected to their system at any time.

Solutions tested in CECA Cohort 2 are designed to improve "visibility" into ICS system or device configurations. Testing evaluated both the ability of solutions to improve asset owner visibility into system or device configurations and the impact of the solution on system processes. The latter specifically addresses lingering industry concerns about the potential for active scanning to impact ICS processes and subsequent reliance on limited passive discovery.

The first report from CECA Cohort 2 evaluates the runZero product, a highly configurable tool that discovers information about individual assets and displays detailed information about each device in an ICS environment. The runZero Public Report details the Cohort 2 theme, runZero’s solution, and the evaluations performed, and provides a summary of findings in addition to areas of future exploration. Below is a summary of the key takeaways from the report. Download the full report.

The second report from CECA Cohort 2, evaluating the Asimily product, will be available in late 2024.

In the News

Second Cohort of Clean Energy Cybersecurity Accelerator Evaluates System Visibility, NREL News (2024)

Second Clean Energy Cybersecurity Accelerator Cohort Evaluates Solutions That Uncover Hidden Risks on Utility Networks, NREL News (2024)

Asimily Joins Second Cohort of Clean Energy Cybersecurity Accelerator, NREL News (2024)

runZero

Cybersecurity is a complex field full of unique challenges. Threats, risks, architectures, and technologies will continue to evolve as the energy sector undergoes significant transformations. Solutions such as the runZero product tested by CECA can help to identify control system assets and to monitor changes in equipment, which can improve the security of the industry as a whole.

The runZero products comprise a highly configurable tool that uses deployed programs and a server-based user interface to discover information about individual assets and to compile a detailed, real-time assessment of each device in an ICS environment. CECA evaluation of the runZero product showed that it found all devices in the environment except for those which were not IP-addressable (i.e., connected to a remote terminal unit via serial). The runZero product is one of a class of solutions designed to improve an asset owner's visibility into their environment without impeding system operations. This improved visibility subsequently enhances risk assessment and appraisal.

Clean Energy Cybersecurity Accelerator operating environment which includes a wide area network that reaches out to a control center, a substation, and a PV plant.
The CECA operating environment used to test the runZero solution.

CECA tested the runZero product against multiple ICS protocols and devices to validate applicability of the conclusions to the greatest degree possible. Although the testing results are not universally generalizable, CECA’s conclusions challenge concerns with active scanning in today's energy systems (see full report for discussion and citations). Active scanning in the CECA test environment proved safe, opening the door to expand scanning beyond passive collection methods.

Conclusions from CECA’s evaluations indicate multiple benefits for industry:

  • Active scanning provides a richer set of data about the connected devices than passive discovery.
  • Active scanning in the CECA operational technology environment improved visibility without impact on system performance or disruption of ICS assets or ongoing supervisory control and data acquisition processes and communications.

Download the runZero Public Report.

Learn More

Subscribe to receive CECA email updates related to current and future cohorts.

Subscribe to NREL's Energy Systems Integration newsletter for monthly updates on energy security and resilience.

Access the CECA GitHub Evaluations.

Contact

Contact the Clean Energy Cybersecurity Accelerator program administrator with questions.

Share