
Co-Founder and Lead Software Engineer, Reliable Energy Analytics LLC

Dick Brooks is the inventor of patent 11,374,961: METHODS FOR VERIFICATION OF SOFTWARE OBJECT AUTHENTICITY AND INTEGRITY and the Software Assurance Guardian™ (SAG ™) Point Man™ (SAG-PM™) software...

Jan 6, 2021

This Washington Post editorial (linked below) is a direct message that will, hopefully, motivate people to implement protections against software supply chain cyber risks and threats. Here are a few key takeaways:

  • The manner in which the U.S. government left itself vulnerable to the attack demands a reckoning that runs the policy gamut. But the best place to start may be the least flashy: security of the software supply chain.
  • Russia has perpetrated attacks through the supply chain before, and no wonder.
  • Government agencies don’t require suppliers to meet minimum security standards, they don’t test the software they provide to ensure it is secure, and they don’t have technology in place to monitor whether that software is “calling home,” to places it shouldn’t. All that needs to change.
  • Perfection, however, is impossible to achieve — which is why the next frontier is figuring out how to root out those attackers.
  • Agencies ignored a Government Accountability Office report advising them to update a malware-catching tool called Einstein that proved significantly less smart than its namesake. Einstein could nab only known assailants, not identify new ones; an improvement is in immediate order.
  • This has to be an urgent priority for the Biden administration.
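Of the editorial's points, the one an operator can act on most directly is the last part of the third: having technology in place to tell whether installed software is "calling home" to places it shouldn't. The script below is an added example, not code from the editorial, from the author, or from the SAG-PM product. It assumes a hypothetical per-process egress allowlist (hostnames, parent-domain suffixes written with a leading dot, or IP networks in CIDR form) and a constructed tab-separated outbound-connection log; it flags any connection to a destination outside the baseline for its process, and treats a process with no baseline at all as a finding in its own right, since that is the case a signature-only tool such as the one the editorial criticizes would never raise.

```python
"""Egress-baseline check: flag software that "calls home" to unexpected places.

Added example. The allowlist, process names and log lines are constructed
for illustration; replace them with your own inventory and firewall/NetFlow/
Zeek conn export.
"""
import ipaddress
from typing import Dict, List, Optional, Set

# Hypothetical baseline: for each monitored process, the destinations its vendor
# documents. Entries may be an exact hostname, a parent domain (leading dot),
# a single IP, or a CIDR network.
ALLOWLIST: Dict[str, Set[str]] = {
    "monitoring-agent": {"updates.vendor.example", "10.0.5.0/24"},
    "backup-client": {"backup.corp.example", ".storage.corp.example"},
}

# Constructed sample log: timestamp, process, destination, port (tab-separated).
SAMPLE_LOG = """\
2021-01-06T02:14:07Z\tmonitoring-agent\tupdates.vendor.example\t443
2021-01-06T02:14:09Z\tmonitoring-agent\t10.0.5.17\t8080
2021-01-06T02:15:31Z\tmonitoring-agent\t203.0.113.44\t443
2021-01-06T02:16:02Z\tbackup-client\tbackup.corp.example\t443
2021-01-06T02:16:40Z\tbackup-client\tfiles.example.net\t80
2021-01-06T02:17:00Z\tnew-tool\t198.51.100.9\t53
"""


def _parse_ip(value: str):
    """Return an ip_address object, or None if value is not an IP literal."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None


def is_allowed(dest: str, allowed: Set[str]) -> bool:
    """True if dest (hostname or IP literal) matches any allowlist entry."""
    ip = _parse_ip(dest)
    for entry in allowed:
        if ip is not None:
            # Only IP or CIDR entries can match an IP destination.
            if "/" in entry or _parse_ip(entry) is not None:
                try:
                    if ip in ipaddress.ip_network(entry, strict=False):
                        return True
                except ValueError:
                    continue
        elif entry.startswith("."):
            # Parent-domain entry: ".corp.example" covers host.corp.example
            # and corp.example itself, but not evilcorp.example.
            if dest == entry[1:] or dest.endswith(entry):
                return True
        elif dest == entry:
            return True
    return False


def parse_line(line: str) -> Optional[dict]:
    """Parse one log line; return None for blank or malformed lines."""
    fields = line.rstrip("\n").split("\t")
    if len(fields) != 4 or not all(fields):
        return None
    ts, process, dest, port = fields
    return {"time": ts, "process": process, "dest": dest, "port": port}


def find_unexpected_egress(log_text: str, allowlist: Dict[str, Set[str]]) -> List[dict]:
    """Return connections outside each process's baseline, with a reason."""
    findings = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        baseline = allowlist.get(rec["process"])
        if baseline is None:
            rec["reason"] = "no baseline for process"
            findings.append(rec)
        elif not is_allowed(rec["dest"], baseline):
            rec["reason"] = "destination not in baseline"
            findings.append(rec)
    return findings


if __name__ == "__main__":
    for f in find_unexpected_egress(SAMPLE_LOG, ALLOWLIST):
        print(f"{f['time']} {f['process']} -> {f['dest']}:{f['port']}  [{f['reason']}]")
```

Run against the constructed log, this reports three connections: the monitoring agent reaching 203.0.113.44, the backup client reaching files.example.net, and every connection from new-tool, which has no baseline. The baseline itself is the hard part in practice; it has to come from the supplier's documentation or from a clean observation window, which is exactly the minimum-standards gap the editorial describes.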

NOTE: Energy Central hosted a PowerSession on 8/12/2020 describing best practices for software supply chain risk assessments, based on the NIST Cybersecurity Framework, V1.1. An on-demand recording of this PowerSession is available online: https://energycentral.com/o/energy-central/demand-energy-central-powersession-series-cybersecurity-us-power-grid-software

Never trust software, always verify and report!

Discussions
Matt Chester on Jan 6, 2021

For interested readers, another Energy Central article on this WaPo op-ed; interesting to see the editorial pages taking something of a 'lead' here!
