The U.S. Department of Energy’s (DOE’s) National Renewable Energy Laboratory (NREL) has released a public report summarizing the outcomes of the second cohort of the Clean Energy Cybersecurity Acc...
As FBI Warns of Rising Cyber Threats in Renewable Energy Sector, runZero Demonstrates Effectiveness in Protecting Critical Infrastructure with No Impact on ICS Processes & OT Device Performance
AUSTIN, Texas: The U.S. Department of Energy’s (DOE’s) National Renewable Energy Laboratory (NREL) has released a public report summarizing the outcomes of the second cohort of the Clean Energy Cybersecurity Accelerator (CECA) program. As previously announced, runZero, a leading provider of Cyber Asset Attack Surface Management (CAASM), was selected as the first of two participants from numerous applications for this rigorous months-long evaluation.
CECA Cohort 2 aims to bridge the gap between the widespread use of tools for monitoring information technology (IT) networks and the less common adoption of tools for actively monitoring operational technology (OT) systems. The solutions assessed by CECA aimed to identify risks that asset owners might miss due to incomplete visibility of systems or device configurations. The goal of these solutions is to improve the visibility of OT systems, illuminate OT networks and assets, and clarify any associated risks. Capabilities such as asset identification, attack surface enumeration, and configuration management can all help OT asset owners gain a better understanding of their overall risk posture.
CECA’s work comes at a critical time. On July 1, the FBI issued a warning about increasing cyber attacks in the renewable energy sector. They advise organizations to monitor network activity for any unusual or suspicious traffic and activity. In addition, they have recommended other critical measures to overcome cybersecurity challenges. The evaluation of the runZero Platform demonstrated its effectiveness in addressing the urgent cybersecurity challenges facing the modern electric grid, including the most recent FBI warning.
CECA concluded that runZero's discovery methods significantly improve visibility into utility infrastructure with detection of all IP-addressable devices in the test environment. This was accomplished without impacting the performance of industrial control systems (ICS) assets or interfering with ongoing SCADA processes and communications. runZero leverages a unique combination of proprietary active scanning, novel passive discovery, and integrations to provide accurate, comprehensive visibility across IT, OT, and IoT environments, including delivering in-depth insights into potential risks and exposures that attackers could leverage.
According to the CECA report, runZero’s active scanning methods in the CECA test environment did not negatively impact system performance, challenging the widely held industry belief that active scanning inherently disrupts operations. The conclusion that active scanning in this environment proved safe with runZero is significant, opening the possibility of expanding scanning beyond traditional passive collection methods. CECA’s findings could be transformational for the energy industry since active scanning provides more comprehensive data about connected devices compared to passive discovery, giving security teams improved visibility to better secure ICS environments.
"runZero is thankful to DOE and NREL for the chance to showcase the effectiveness of our CAASM solution. The tests confirm that the runZero Platform and our unique combination of active scanning and native passive discovery provide advanced visibility into assets – both managed and unmanaged – without disrupting normal business operations. This serves as a crucial deterrent against external attacks," said Rob King, director of research at runZero.
Evaluation Criteria and Key Results for the runZero Platform
The evaluation plan outlined four scenarios to examine different aspects of the solution: initial discovery, change discovery, passive discovery, and scale discovery. Each scenario involved a scientific and repeatable set of procedures and data collection methods. The runZero Platform demonstrated the following key capabilities:
Cybersecurity is a complex and shifting field full of unique challenges. Threats, risks, architectures, and technologies will continue to evolve as the energy sector undergoes significant transformations. Innovation of solutions should be enabled to evolve as well. Using solutions such as those offered by runZero to identify control system assets and to monitor changes in that equipment is expected to improve the security of the industry as a whole, continued the report.
CECA is managed by NREL and sponsored by the Department of Energy’s (DOE’s) Office of Cybersecurity, Energy Security, and Emergency Response (CESER) and utility partners in collaboration with DOE’s Office of Energy Efficiency and Renewable Energy (EERE).
To learn more about runZero’s participation in the NREL CECA Program you can read their news story here.
To download the free and publicly available report, please visit https://www.nrel.gov/docs/fy24osti/89105.pdf.
Additional Resources:
About runZero
runZero delivers the most complete security visibility possible, providing organizations the ultimate foundation for successfully managing risk and exposure. Rated number one on Gartner Peer Insights, their leading cyber asset attack surface management (CAASM) platform starts delivering insights in literally minutes, with coverage for both managed and unmanaged devices across the full spectrum of IT, OT, IoT, cloud, mobile, and remote assets. With a world-class NPS score of 82, runZero has been trusted by more than 30,000 users to improve security visibility since the company was founded by industry veteran HD Moore.
Fonte: Business Wire
Successfully completing a Proof of Concept implementation in Athens, the two Italian companies prove that QKD can be easily implemented also in pre-existing…
Eni's VC company invest in the Italian drone company to develop new solutions for industrial plants monitoring
Oracle recognizes Technology Reply’s ability to develop and deliver pioneering solutions through partnering with Oracle
Scheduled for October, the world's largest startup event will bring together more than 2,000 exhibitors in Dubai, UAE
TechCrunch Disrupt 2024 will feature cutting-edge technology from 24 tech startups from South Korea. The Korea Pavilion is presented by Korea Trade-Investment…
2024 AUDIT & BEYOND CONFERENCE — AuditBoard, the leading cloud-based platform transforming audit, risk, compliance, and ESG management, wrapped up…
In response to the growing demand for AI skills in the workforce, University of Phoenix is excited to announce the launch of new career-focused skill…
The "AI in Wound Care Market Industry Trends and Global Forecasts to 2035: Distribution by Type of Wound, Type of Acute Wound, Type of Chronic Wound,…