NREL's 10-Step Systems Engineering Approach to Security
NREL's Cyber-Physical Systems Security and Resilience Center provides companies with a clear, unbiased picture of their cybersecurity health—from the technologies, systems, and devices they use, to the workforce and business process best practices they have in place.
These evaluations incorporate NREL's 10-step systems engineering approach to security:
- Assess cyber-governance (security controls in place, prioritized action items for gaps in security controls) (identify and protect).
- Implement a technical plan to address the gaps identified in the cyber-governance assessment (protect).
- Perform due diligence on cutting-edge cybersecurity technologies for energy systems, including functional and integration testing (identify and protect).
- Develop procurement language for secure, reliable, and resilient SCADA systems (protect).
- Review utility SCADA cybersecurity architecture and benchmark against NREL's nine-layer cybersecurity model, including vulnerability assessment and risk mitigation (identify, protect, monitor, and respond).
- Scan software code and binary executables to identify malware and cyber risks as well as techniques for mitigation (identify and protect).
- Perform data fuzz testing of SCADA systems, with risk mitigations (identify and protect).
- Pen-test SCADA systems in NREL's cybersecurity test bed to identify residual cyber risks and provide mitigations (monitor, respond, and recover).
- Develop and analyze failure scenarios with mitigations (recover).
- Provide training on cybersecurity awareness for corporate staff and information technology/operational technology audiences to reduce cyber risks from social engineering and phishing schemes from advanced persistent threats (identify, protect, monitor, respond, and recover).