The cost-effective CIP-013 supply chain risk management solution
1. Grid security has now expanded to encompass supply chain vendors.
2. Asset to Vendor (A2V) is a joint venture of utility companies and Fortress Information Security where members benefit from sharing risk information at a savings of up to 50% or more below traditional costs. Contribute > Share > Reduce O&M.
3. CIP-013 implementation guidance published by NATF1 and NERC2 suggests performing product risk assessments, vendor risk assessments, and verifying the integrity and authenticity of software (e.g., patches) which are all available on the A2V platform. The governance committee of A2V, held by utility members, ensures that the Network remains ahead of industry, security and regulatory requirements.
4. Vendors will benefit from reduced overhead by having a conduit for sharing their risk assessments in a standardized format which is acceptable by their clients.
The digital revolution has created new opportunities, but it has also created new vulnerabilities. Globalization and technological transformation have vastly enhanced the efficiency of supply chains for companies and organizations in every sector but have also contributed to creating vulnerabilities and raising risk exposure.
Power utilities, like many other industries, have embraced the digital transformation, realizing significant benefits in their interactions with vendors and customers. They have also experienced an increased attack surface. They are aware of the risks and the need for strong security. However, power utilities face many challenges in managing risk across applications and infrastructure.