On December 8, the U.S. Department of Energy (DOE) and the National Renewable Energy Laboratory (NREL) announced the first cohort of participants in the Clean Energy Cybersecurity AcceleratorTM (CECA) program, which aims to give next-generation cybersecurity tech a boost in the earliest stages of development to bring solutions to market more rapidly.
The Biden-Harris administration has set aggressive clean energy goals, including an economy powered by 100 percent clean energy by 2035, with net-zero carbon emissions by 2050. DOE is working to ensure America’s critical energy infrastructure remains reliable, resilient, and secure as more renewables are added to the power system. The Office of Cybersecurity, Energy Security, and Emergency Response (CESER) and Office of Energy Efficiency and Renewable Energy (EERE), which play critical roles in this effort, lead CECA and other programs and initiatives that support a streamlined clean energy transition, while encouraging the integration of cybersecurity measures at all phases of development and deployment.
The CECA program helps to address the most urgent security gaps in the modern electrical grid and supports innovative companies and organizations who can develop early-stage answers. By allowing cohorts of solution providers access to the NREL facility to focus on a particular area of interest, in this case authentication technologies for distributed energy resources, the CECA program will help advance solution design and development and will provide participants with a realistic proving ground for proposed new tech.
“Providing opportunities for testing and the development of new cybersecurity technology in a world-class laboratory environment will strengthen America’s energy infrastructure and our overall security posture,” said Puesh Kumar, Director of CESER. “This program helps advance our clean energy transition in a meaningful way and I congratulate the three participants in the first CECA cohort. It is our hope that their work with NREL will strengthen the cyber resilience of the U.S. energy sector.”
NREL ran a competitive process to select three solution providers with promising early-stage cyber-defense technologies. The CECA program will provide participants the opportunity to test their technologies and to iterate in a controlled environment as they prepare to bring their solutions to market. Solution providers will participate in a three-to-12-month incubation period, sharing ideas and threat intelligence before validating their solutions in the lab.
“Ensuring the security and resilience of our power system is paramount as we transition to a clean energy economy,” said EERE Acting Assistant Secretary Alejandro Moreno. “This cohort will test and validate their cybersecurity technologies against the highest-priority threat scenarios so we can stay one step ahead of any potential threats to our changing energy infrastructure.”
The three participants in the inaugural cohort have developed solutions to offer strong authentication for distributed energy resources and have recently begun the technical assessment of their technologies. The first cohort participants and their cyber defense technologies are:
- Blue Ridge Networks’ LinkGuard system “cloaks” critical Information Technology network operations from destructive and costly cyberattacks. The system overlays onto existing network infrastructure to secure network segments from external discovery or data exfiltration. Through a partnership with Schneider Electric, Blue Ridge Networks helped deploy a solution to protect SCADA systems for the utility industry.
- Sierra Nevada Corporation (SNC)’s Binary Armor® is used by the U.S. Department of Defense and utilities to protect critical assets, with the help of subject matter experts to deliver cyber solutions. SNC plans to integrate as a software solution into a communication gateway or other available edge processing to provide a scalable solution to enforce safe operation in an unauthenticated ecosystem. SNC currently helps secure heating, ventilation, and air conditioning systems; the programmable logical controllers; and wildfire detection, with remote monitoring for two different utilities.
- Xage uses identity-based access control to protect users, machines, apps, and data, at the edge and in the cloud, enforcing zero trust access to secure operations and data universally. To test technology in energy sector environments, Xage provides zero trust remote access, has demonstrated proof of concepts, and deploys local and remote access at various organizations.
U.S. utilities Berkshire Hathaway Energy, Duke Energy, and Xcel Energy are partnering with DOE and NREL on CECA as the first cohort comes online, and more utilities are expected join the program. At the end of each cohort cycle, participants will present their solutions to the utilities, with the goal of bringing their technologies to market and deploying them in utility environments to help secure the U.S. electric grid.
Cohort members will exit the program with competitive experience, new partnership opportunities, and professional evaluation pertaining to the most urgent cybersecurity challenges facing today’s critical infrastructure.
Applications for the second CECA cohort will open in early January 2023 for providers offering solutions that uncover hidden risks due to incomplete system visibility and device security and configuration.