President Biden's May 12 Cybersecurity Executive Order provides clear evidence that ransomware is out of control and more must be done to secure the software supply chain. The Federal Government is taking steps to secure it's supply chain using Cybersecurity Supply Chain Risk Management (C-SCRM) best practices, including the requirement for software vendors to provide a Software Bill of Materials (SBOM) in order to conduct a comprehensive C-SCRM risk assessment of a software product and its entire supply chain.

Fortunately for us, Energy Central (EC) has been leading efforts to inform the EC Community of methods to improve software supply chains by producing a PowerSession and PowerTalk describing best C-SCRM practices to conduct software supplier and integrity verification steps to satisfy NERC CIP-010-3 R1 Part 1.6 requirements and FERC Order 850.