NREL's 10-Step Systems Engineering Approach to Security

NREL's Cyber-Physical Systems Security and Resilience Center provides companies with a clear, unbiased picture of their cybersecurity health—from the technologies, systems, and devices they use, to the workforce and business process best practices they have in place.

These evaluations incorporate NREL's 10-step systems engineering approach to security:

  1. Assess cyber-governance (security controls in place, prioritized action items for gaps in security controls) (identify and protect).
  2. Implement a technical plan to address gaps from the cyber-governance assessment (protect).
  3. Perform due diligence on cutting-edge cybersecurity technologies for energy systems, including functional and integration testing (identify and protect).
  4. Develop procurement language for secure, reliable, and resilient SCADA systems (protect).
  5. Review utility SCADA cybersecurity architecture and benchmark against NREL's nine-layer cybersecurity model, including vulnerability assessment and risk mitigation (identify, protect, monitor, and respond).
  6. Scan software code and binary executables to identify malware and cyber risks as well as techniques for mitigation (identify and protect).
  7. Perform data fuzz testing of SCADA systems, with risk mitigations (identify and protect).
  8. Pen-test SCADA systems in NREL's cybersecurity test bed to identify residual cyber risks and provide mitigations (monitor, respond, and recover).
  9. Develop and analyze failure scenarios with mitigations (recover).
  10. Provide training on cybersecurity awareness for corporate staff and information technology/operational technology audiences to reduce cyber risks from social engineering and phishing schemes from advanced persistent threats (identify, protect, monitor, respond, and recover).

Leverage our cybersecurity research capabilities

Work with us