This meeting comes at an important time for the Energy industry. The grid is changing, rapidly, with more generating resources being deployed on the distribution grid, raising the prospect of new challenges to managing reliability, resilience and cybersecurity.
The FERC-DOE technical conference (linked below at "Read More") provides an opportunity for the energy industry to share their concerns and insights with regulators at FERC and their "Sector Risk Management Agency", DOE.
I hope to attend this conference and look forward to meeting others on December 7 in Washington. Here are some of the items of interest on the agenda:
Supply Chain Risks Facing the Bulk-Power System
Current Supply Chain Risk Management (SCRM) Reliability Standards, Implementation Challenges, Gaps, and Opportunities for Improvement
The U.S. Department of Energy’s Energy Cyber Sense Program
Enhancing the Supply Chain Security Posture of the Bulk-Power System
Here are a few of the items of interest (to me):
How are emerging orders, standards, and process guidance, such as Executive Order 14017, Executive Order 14028, NIST Special Publication 800-161r1, ISA 62443, CIP-013-1, and others, changing how we assess our digital supply chain?
More than ever, developers are building applications on open-source software libraries. How can developers address the risks inherent with open-source software and how can asset owners work with vendors to validate that appropriate open-source risk management measures have been taken?
The panel will also explore certain programs and practices used by utilities to verify the authenticity and effectiveness of products and services.
What are the best practices and other guidance for security evaluation of vendors?
What programs and practices are currently in use to ensure product and service integrity?
What are the best ways to meaningfully assimilate SBOM information and what subsequent analyses can be done to strengthen internal security practices?