- Sep 17, 2021 4:32 pm GMT
"I'm not aware of any software providers being included," said NERC Senior Vice President Manny Cancel, who is also CEO of NERC's Electricity Information Sharing and Analysis Center (E-ISAC), which runs GridEx.
"The lack of any planned vendor participation for GridEx VI has taken some cybersecurity experts by surprise, particularly after last year's SolarWinds software supply chain hack, which NERC said exposed about 25% of electric utilities to malware."
This is precisely the type of scenario that makes me question NERC's ability to properly administer and guide cybersecurity policies to protect the electric grid. Vulnerabilities in the software supply chain are one of the most effective attack vectors for cyber criminals.
It's time to think seriously about putting the cybersecurity experts at CISA and NIST at the helm of all critical infrastructure cybersecurity policies and protections. That's how we put our best foot forward on cybersecurity protections for all critical infrastructure.
FYI: Offers were made to NERC to provide GridEx testing for software supply chain risk using NIST's C-SCRM and SBOM best practices; however, this offer was rejected.