THREAT ALERT: CVE-2021-44228 is a critical vulnerability resulting in Remote Code Execution (RCE). 

Read Fortress's response to the recent Log4j exploit.

Press Release

Critical Infrastructure Industry Leaders Convene to Secure Supply Chains

Orlando, FL – January 4, 2022 – Fortress Information Security and the Asset to Vendor Network (A2V) today announced the formation of an expert A2V Governance Committee focused on securing the nation’s mission-critical supply chains from cyber- and nation-state attacks. Comprised of the nation’s leading electric power and critical infrastructure organizations, the committee will provide a venue for ongoing cybersecurity collaboration and supply chain security posture and risk information sharing for critical infrastructure.

Fortress, along with American Electric Power (AEP) and Southern Company, started A2V and formed the Governance Committee to provide oversight and recommendations to manage supply chain risks and secure critical infrastructure. In addition, members share security concerns and find solutions that work for common stakeholders within critical infrastructure industries. For more than two years, A2V has provided a central repository for critical infrastructure asset owners and operators to access supplier and critical asset assessment and risk data, offer actionable insights to manage risks, and support a secure A2V network. A2V shares critical cyber risk information on more than 40,000 vendors and over two million assets.

“Critical infrastructure and manufacturing organizations, as well as their vendors, share common cybersecurity adversaries and face similar compliance challenges,” said Tobias Whitney, Vice President of Industry Relations and Regulatory Affairs at Fortress Information Security. “We can add value to our clients’ security and compliance programs by collaborating on solutions to address supply chain risk concerns.  Everyone – from shareholders to customers – is better served when the industry can speak with one voice on supply chain security issues. The A2V Governance Committee will focus on finding remedies to secure the entire electric power industry and other critical infrastructure as well as ensure regulatory matters are properly implemented.”

AEP and Southern Company members serve on the Governance Committee. Other A2V participating organizations joining the Committee, as members or stakeholders, include:

  • Avangrid
  • Burns & McDonnell
  • Dynamic Ratings 
  • E-ISAC
  • Florida Power & Light
  • Florida Municipal Power Agency
  • GE Renewable Energy
  • Hitachi Energy
  • Idaho National Laboratory (INL)
  • International Society of Automation (ISA)
  • Lakeland Electric
  • Microsoft
  • National Renewable Energy Laboratory (NREL)
  • NiSource
  • Schneider Electric
  • Schweitzer Engineering Laboratories
  • SERC Reliability Corporation
  • Southwestern Power Administration
  • Southwest Power Pool
  • U.S. Chamber of Commerce
  • Western Area Power Administration
  • Xcel Energy

The Committee touched on a wide range of topics of concern: “I also appreciate the opportunity to discuss SBOM at your A2V Governance Committee. Having vendors and asset owners in a room together discussing their needs and hopes is a great opportunity,” said Ginger Wright of Idaho National Laboratory.

While the Governance Committee is serving to address the concerns of critical asset owners and operators, the Committee equally represents suppliers and service providers to better understand challenges and find pragmatic solutions associated with securing critical supply chains. “We quickly work to assist electric power, water, and petrochemical companies with security and regulatory concerns in their infrastructure and supply chains and in other critical infrastructure sectors as well,” Whitney said. “Critical infrastructure organizations are seeing lots of changes after attacks like the Colonial Pipeline ransomware, Log4j, and other supply chain and operational technology attacks. Now is the time to show how our combined A2V experience can help build and roll out supply chain security solutions to prepare for the next line of attacks.” 

About A2V

Fortress Information Security, American Electric Power and Southern Company launched the Asset to Vendor Network (A2V) to establish a collaborative network of critical infrastructure stakeholders that share supply chain cybersecurity and compliance assessment, risk and intelligence data to secure critical infrastructure and supply chains that deliver bulk electric power, IT, OT and other mission-critical systems and services.

For more information, contact Adam Benson at adam@vrge.us or 202.999.9104 or Mary Kulp at mkulp@fortressinfosec.com.