Journal Article
Marine Technology Society Journal, vol. 54, iss. 6, pp. 97-107, 2020
Authors
Fleurdeliza A. de Peralta
Abstract
AbstractTechnology innovation, market demand, and the potential impacts of a changing climate are driving the marine renewable energy (MRE) industry to develop market-ready systems to provide low-carbon electricity for emerging, off-grid markets. The advanced operational
and information technology devices used in MRE systems create a pathway for a cyber threat actor to gain unauthorized access to data or disrupt operation. To improve the resiliency of MRE systems as a predictable, affordable, and reliable source of energy from oceans and rivers, guidance was
developed for an end users' organization that describes a framework for identifying and managing cybersecurity risk. The development of the cybersecurity guidance is based on standards described in the Risk Management Framework and Cybersecurity Framework developed by the National Institute
of Standards and Technology (NIST). This paper is the first of a two-part series that describes an approach to determine the cybersecurity risk for MRE systems based on assessing potential cyber threats, identifying vulnerabilities (people, processes, and technology, including physical and
operational environment), and evaluating the consequences a cyberattack would have on operation of the MRE system and impact on end users' mission and business objectives. MRE developers and stakeholders can use this approach to assess their current cybersecurity risk posture to incorporate
appropriate cybersecurity controls to reduce the consequences and impacts from a cyberattack on MRE systems. This approach can be refined further as MRE systems are deployed and operational configurations are available.
