Co-Founder and Lead Software Engineer Reliable Energy Analytics LLC

Inventor of patent pending (16/933161) technology: METHODS FOR VERIFICATION OF SOFTWARE OBJECT AUTHENTICITY AND INTEGRITY and the Software Assurance Guardian™ (SAG ™) Point Man™ (SAG-PM™)...

  • Member since 2018
  • Sep 17, 2021 4:22 pm GMT

"I'm not aware of any software providers being included," said NERC Senior Vice President Manny Cancel, who is also CEO of NERC's Electricity Information Sharing and Analysis Center (E-ISAC), which runs GridEx.

"The lack of any planned vendor participation for GridEx VI has taken some cybersecurity experts by surprise, particularly after last year's SolarWinds software supply chain hack, which NERC said exposed about 25% of electric utilities to malware."

This is precisely the type of scenario that makes me question NERC's ability to properly administer and guide cybersecurity policies to protect the electric grid. Vulnerabilities in the software supply chain are one of the most effective attack vectors for cyber criminals.

It's time to think seriously about putting the cybersecurity experts at CISA and NIST at the helm of all critical infrastructure cybersecurity policies and protections. That's how we put our best foot forward on cybersecurity protections for all critical infrastructure.

FYI: Offers were made to NERC to provide GridEx testing for software supply chain risk using NIST's C-SCRM and SBOM best practices; however, this offer was rejected.
