Clean Energy Cybersecurity Accelerator Cohort 1: Authentication and Authorization
- National Renewable Energy Laboratory (NREL), Golden, CO (United States)
In the 2023 National Cybersecurity Strategy, the Biden-Harris Administration defines the need for a "defensible, resilient digital ecosystem where it is costlier to attack systems than defend them." The strategy cites the Clean Energy Cybersecurity Accelerator (CECA) as an exemplary effort to bolster the security and resilience of clean energy generation. These efforts help "secure the clean energy grid of the future and [generate] security best practices that extend to other critical infrastructure sectors" and promise broad and far-reaching impacts to bridge the capabilities of private industry and the needs of energy production. Cohort 1 of CECA launched in the fall of 2022 with a focus on solutions that provide strong authentication and authorization for industrial control systems to mitigate attacks on the energy grid. Authentication and authorization verify that the identity (authentication) and permissions (authorization) of a user or device are aligned with their assigned roles. Weaknesses in either can have serious repercussions. To assess the strength of Cohort 1's solutions, CECA devised threat scenarios grounded in historical precedents: the CECA team reviewed exploits from real-world case studies of state-sponsored actors to match the assessment's attack paths and targets. Cohort 1 results provided the energy industry, product vendors, and related agencies valuable insights into the efficacy and applicability of solutions in common system configurations under realistic threat scenarios. The results of the assessment highlight points for interrogation and improvement in subsequent technology iterations. CECA's evaluations are part of an ongoing conversation and collaboration to bolster U.S. cyber resilience against adversaries today and in the future.
- Research Organization:
- National Renewable Energy Laboratory (NREL), Golden, CO (United States)
- Sponsoring Organization:
- USDOE Office of Cybersecurity, Energy Security, and Emergency Response (CESER)
- DOE Contract Number:
- AC36-08GO28308
- OSTI ID:
- 1999782
- Report Number(s):
- NREL/TP-5R00-86205; MainId:86978; UUID:95d4e077-1218-4d4f-a492-17c5d3e607dd; MainAdminID:70542
- Country of Publication:
- United States
- Language:
- English
Similar Records
Dragonstone Strategy – State of Cybersecurity in the Oil & Natural Gas Sector
Cybersecurity for Grid Connected eXtreme Fast Charging (XFC) Station (CyberX) (Final Scientific/Technical Report)
Related Subjects
24 POWER TRANSMISSION AND DISTRIBUTION
advanced persistent threat
ARIES Cyber Range
authentication
authorization
Berkshire Hathaway Energy
Blue Ridge Networks
CECA
CESER
Clean Energy Cybersecurity Accelerator
Cohort 1
cybersecurity
Duke Energy
EERE
ICS
Industrial Control Systems
MITRE ATT&CK
Sierra Nevada Corporation
Xage Security
Xcel Energy