The Department of Energy has released a report on the evaluation of a cybersecurity tool designed to counter cyberattacks against the energy sector.
DOE said Wednesday researchers at the National Renewable Energy Laboratory assessed a cyber asset attack surface management tool, called runZero, as part of the Clean Energy Cybersecurity Accelerator, or CECA, program’s second cohort and found that the technology could help scan and identify devices on industrial control systems — a.k.a. ICS — networks without hampering the performance of ICS assets.
The runZero tool is a configurable platform that uses active scanning and passive sampling to help organizations identify on-site devices, cloud-based resources and other information technology and operational technology assets on a network without disrupting system operations.
The technology seeks to help asset owners improve visibility into their network environments to better understand system risks.
“With evolving cybersecurity threats to U.S. energy systems, and with architectures changing as the grid modernizes, it is critical to drive adoption of innovative solutions,” said Dan LaGraffe, deputy director of the risk management tools and technologies division at DOE’s Office of Cybersecurity, Energy Security and Emergency Response.
“We’re optimistic that the testing and results from the CECA program will help advance tools, like runZero, that can help improve security and resilience across the sector,” added LaGraffe.
The CECA program is part of DOE’s strategy that seeks to ensure the security, resilience and reliability of the U.S. critical energy infrastructure. The program’s Cohort 2 intends to address visibility issues facing asset owners when it comes to various devices linked to an ICS network.