Search

NERC CIP 013 - Supply Chain Risk Management for Bulk Electricity Suppliers



The North American Electric Reliability Corporation (NERC) critical infrastructure protection (CIP) standard has begun enforcement of new cybersecurity requirements for electric utility companies to enhance the resilience and reliability of the bulk electricity system (BES).


The new NERC CIP 013 standard supply chain standard will significantly affect electricity utility companies and will require BES entities to develop plans to mitigate cybersecurity risks in their supply chain processes. The standard covers industrial control systems (ICS) hardware, software, and computing and network resources used in the bulk electricity system (BES).


As utility companies embrace IT and Operational Technology (OT) convergence, the supply chain risk management regulations will require utilities to focus on assessments, risk measurement, risk management, and cybersecurity best practices. The focus on supply chain risk management in the critical infrastructure arena was borne out of recent devastating attacks where 3rd party software and hardware with minimal provenance and inadequate vendor security programs were identified as low hanging fruit for malicious actors:

Maersk:

https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/


Honda:

https://asia.nikkei.com/Business/Technology/Honda-likely-singled-out-in-cyberattack-that-halted-factories


Saudi Aramco:

https://www.nytimes.com/2018/03/15/technology/saudi-arabia-hacks-cyberattacks.html

Ipseity security can help you identify the compliance steps you need to execute:

  1. Define the scope of 3rd party software, hardware and networking resources with potentially hundreds of vendors

  2. Develop your cyber supply chain risk management plan (C-SCRM)

  3. Conduct cybersecurity risk assessments

  4. Implement, operationalize and sustain your C-SCRM plan


Please connect with us to meet your compliance requirements.


14 views

We provide security-centric advisory and consulting services to help organizations be successful in their digital transformation journey that is aligned to their business requirements.

Quick Links

© 2020 - Ipseity Security Solutions Inc.

  • Twitter
  • Linkedin
  • Facebook