New DOE report evaluates clean energy cybersecurity technology

PRESS RELEASE: Today, the Department of Energy’s (DOE) Clean Energy Cybersecurity Accelerator™ (CECA) program published a report focused on the efficacy of a tool intended to help thwart cyber incidents against the energy sector. The CECA program, which is charged with expediting the development and deployment of innovative cybersecurity solutions for renewable energy resources, is supported by DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) and the National Renewable Energy Laboratory (NREL). As part of the program’s second cohort, NREL researchers evaluated runZero, a cyber asset attack surface management product, to identify efficiencies and gaps in functionality and capabilities that will inform cybersecurity solutions for clean energy technology. The results show that runZero can successfully identify and scan devices on industrial control systems (ICS) network without impeding their performance.    

“With evolving cybersecurity threats to U.S. energy systems, and with architectures changing as the grid modernizes, it is critical to drive adoption of innovative solutions,” said Dan LaGraffe, Deputy Director of CESER’s Risk Management Tools and Technologies Division. “We’re optimistic that the testing and results from the CECA program will help advance tools, like runZero, that can help improve security and resilience across the sector.”

“We are seeing more and more sophisticated attacks against critical infrastructure, particularly energy infrastructure,” said Rob King, Director of Research at runZero. “Working with CECA allowed us to prove that active scanning of operational technology (OT)/ICS infrastructure can be done safely and effectively and is important to securing these vital systems.”

CECA is a key component of DOE’s strategy to ensure America’s critical energy infrastructure remains reliable, resilient, and secure as more renewable energy is incorporated.  Funded by CESER in partnership with DOE’s Office of Energy Efficiency and Renewable Energy, CECA offers a unique collaboration opportunity for federal experts, energy industry representatives, and innovators to evaluate cybersecurity solutions at a powerful testing environment. During a period of three to 12 months, cohort participants receive professional evaluations of their technologies and partnership opportunities while developing and evaluating cyber-risk solutions in a collaborative setting.

CECA’s Cohort 2 is aimed at addressing asset owners’ limited visibility of the wide array of devices connected to an ICS network. This limited visibility inherently prevents system owners from understanding the risks in their system. The runZero tool is intended to improve an asset owner’s visibility into their environment without impeding system operations.

Read the full summary report of the runZero product for more information. Look for more reports from CECA’s Cohort 2 later in 2024.

‍