runZero Discovers all IP-Addressable Assets and Proves Active Scanning is Safe for Operational Technology in NREL/CECA Testing
July 24 2024 - 12:21PM
Business Wire
As FBI Warns of Rising Cyber Threats in
Renewable Energy Sector, runZero Demonstrates Effectiveness in
Protecting Critical Infrastructure with No Impact on ICS Processes
& OT Device Performance
The U.S. Department of Energy’s (DOE’s) National Renewable
Energy Laboratory (NREL) has released a public report summarizing
the outcomes of the second cohort of the Clean Energy Cybersecurity
Accelerator (CECA) program. As previously announced, runZero, a
leading provider of Cyber Asset Attack Surface Management (CAASM),
was selected as the first of two participants from numerous
applications for this rigorous months-long evaluation.
CECA Cohort 2 aims to bridge the gap between the widespread use
of tools for monitoring information technology (IT) networks and
the less common adoption of tools for actively monitoring
operational technology (OT) systems. The solutions assessed by CECA
aimed to identify risks that asset owners might miss due to
incomplete visibility of systems or device configurations. The goal
of these solutions is to improve the visibility of OT systems,
illuminate OT networks and assets, and clarify any associated
risks. Capabilities such as asset identification, attack surface
enumeration, and configuration management can all help OT asset
owners gain a better understanding of their overall risk
posture.
CECA’s work comes at a critical time. On July 1, the FBI issued
a warning about increasing cyber attacks in the renewable energy
sector. They advise organizations to monitor network activity for
any unusual or suspicious traffic and activity. In addition, they
have recommended other critical measures to overcome cybersecurity
challenges. The evaluation of the runZero Platform demonstrated its
effectiveness in addressing the urgent cybersecurity challenges
facing the modern electric grid, including the most recent FBI
warning.
CECA concluded that runZero's discovery methods significantly
improve visibility into utility infrastructure with detection of
all IP-addressable devices in the test environment. This was
accomplished without impacting the performance of industrial
control systems (ICS) assets or interfering with ongoing SCADA
processes and communications. runZero leverages a unique
combination of proprietary active scanning, novel passive
discovery, and integrations to provide accurate, comprehensive
visibility across IT, OT, and IoT environments, including
delivering in-depth insights into potential risks and exposures
that attackers could leverage.
According to the CECA report, runZero’s active scanning methods
in the CECA test environment did not negatively impact system
performance, challenging the widely held industry belief that
active scanning inherently disrupts operations. The conclusion that
active scanning in this environment proved safe with runZero is
significant, opening the possibility of expanding scanning beyond
traditional passive collection methods. CECA’s findings could be
transformational for the energy industry since active scanning
provides more comprehensive data about connected devices compared
to passive discovery, giving security teams improved visibility to
better secure ICS environments.
"runZero is thankful to DOE and NREL for the chance to showcase
the effectiveness of our CAASM solution. The tests confirm that the
runZero Platform and our unique combination of active scanning and
native passive discovery provide advanced visibility into assets –
both managed and unmanaged – without disrupting normal business
operations. This serves as a crucial deterrent against external
attacks," said Rob King, director of research at runZero.
Evaluation Criteria and Key Results for the runZero
Platform
The evaluation plan outlined four scenarios to examine different
aspects of the solution: initial discovery, change discovery,
passive discovery, and scale discovery. Each scenario involved a
scientific and repeatable set of procedures and data collection
methods. The runZero Platform demonstrated the following key
capabilities:
- Accurately identified all IP-addressable assets in the
environment and collected detailed information about each
identified device and all open ports, including the ability to
detect OT protocols like Modbus.
- Identified and alerted on the introduction of new devices and
changes to existing devices in the environment.
- Built an accurate inventory of assets through proprietary
active scanning and passive traffic sampling, discovering all
IP-addressable IT and OT assets.
Cybersecurity is a complex and shifting field full of unique
challenges. Threats, risks, architectures, and technologies will
continue to evolve as the energy sector undergoes significant
transformations. Innovation of solutions should be enabled to
evolve as well. Using solutions such as those offered by runZero to
identify control system assets and to monitor changes in that
equipment is expected to improve the security of the industry as a
whole, continued the report.
CECA is managed by NREL and sponsored by the Department of
Energy’s (DOE’s) Office of Cybersecurity, Energy Security, and
Emergency Response (CESER) and utility partners in collaboration
with DOE’s Office of Energy Efficiency and Renewable Energy
(EERE).
To learn more about runZero’s participation in the NREL CECA
Program you can read their news story here.
To download the free and publicly available report, please visit
https://www.nrel.gov/docs/fy24osti/89105.pdf.
Additional Resources:
- Attend a webinar with the NREL evaluation team and runZero on
August 22 at 12 pm ET
- Visit the runZero website
- Start a free trial of runZero
About runZero
runZero delivers the most complete security visibility possible,
providing organizations the ultimate foundation for successfully
managing risk and exposure. Rated number one on Gartner Peer
Insights, their leading cyber asset attack surface management
(CAASM) platform starts delivering insights in literally minutes,
with coverage for both managed and unmanaged devices across the
full spectrum of IT, OT, IoT, cloud, mobile, and remote assets.
With a world-class NPS score of 82, runZero has been trusted by
more than 30,000 users to improve security visibility since the
company was founded by industry veteran HD Moore.
View source
version on businesswire.com: https://www.businesswire.com/news/home/20240724189788/en/
Susan Torrey runZero Corporate Communications
susan.torrey@runzero.com