Abstract
In the 2023 National Cybersecurity Strategy, the Biden-Harris Administration defines the need for a "defensible, resilient digital ecosystem where it is costlier to attack systems than defend them." The strategy cites the Clean Energy Cybersecurity Accelerator (CECA) as an exemplary effort to bolster the security and resilience of clean energy generation. These efforts help "secure the clean energy grid of the future and [generate] security best practices that extend to other critical infrastructure sectors" and promise broad and far-reaching impacts to bridge the capabilities of private industry and the needs of energy production. Cohort 1 of CECA launched in the fall of 2022 with a focus on solutions that provide strong authentication and authorization for industrial control systems to mitigate attacks on the energy grid. Authentication and authorization verify that the identity (authentication) and permissions (authorization) of a user or device are aligned with their assigned roles. Weaknesses in either can have serious repercussions. To assess the strength of Cohort 1's solutions, CECA devised threat scenarios grounded in historical precedents: the CECA team reviewed exploits from real-world case studies of state-sponsored actors to match the assessment's attack paths and targets. Cohort 1 results provided the energy industry, product vendors, and related agencies valuable insights into the efficacy and applicability of solutions in common system configurations under realistic threat scenarios. The results of the assessment highlight points for interrogation and improvement in subsequent technology iterations. CECA's evaluations are part of an ongoing conversation and collaboration to bolster U.S. cyber resilience against adversaries today and in the future.
Original language | American English |
---|---|
Number of pages | 17 |
DOIs | |
State | Published - 2023 |
NREL Publication Number
- NREL/TP-5R00-86205
Keywords
- advanced persistent threat
- ARIES Cyber Range
- authentication
- authorization
- Berkshire Hathaway Energy
- Blue Ridge Networks
- CECA
- CESER
- Clean Energy Cybersecurity Accelerator
- Cohort 1
- cybersecurity
- Duke Energy
- EERE
- ICS
- Industrial Control Systems
- MITRE ATT&CK
- Sierra Nevada Corporation
- Xage Security
- Xcel Energy