Enforcement has begun for new cybersecurity requirements under the North American Electric Reliability Corporation (NERC) critical infrastructure protection (CIP) standard. The requirements apply to electric utility companies and are intended to enhance the resilience and reliability of the bulk electricity system (BES).
The new NERC CIP 013 supply chain standard will significantly affect electricity utility companies and will require BES entities to develop plans to mitigate cybersecurity risks in their supply chain processes. The standard covers industrial control systems (ICS) hardware, software, and computing and network resources used in the BES.
As utility companies embrace IT and Operational Technology (OT) convergence, the supply chain risk management regulations will require utilities to focus on assessments, risk measurement, risk management, and cybersecurity best practices. The focus on supply chain risk management in the critical infrastructure arena was born out of recent devastating attacks in which third-party software and hardware with minimal provenance and inadequate vendor security programs were identified as low-hanging fruit for malicious actors:
Maersk:
Honda:
Saudi Aramco:
Ipseity security can help you identify the compliance steps you need to execute:
Define the scope of third-party software, hardware and networking resources across potentially hundreds of vendors
Develop your cyber supply chain risk management (C-SCRM) plan
Conduct cybersecurity risk assessments
Implement, operationalize and sustain your C-SCRM plan
Please connect with us to meet your compliance requirements.