Energy Central PowerSession Series: Cybersecurity on the U.S. Power Grid: Software Supply Chain Risks and Mitigations for NERC CIP-010-3
Posted to Energy Central
- Jun 29, 2020
Date: Aug 12, 2020
Time: 2:00 PM EST
The emergency cybersecurity Executive Order issued on May 1, 2020, by the President serves as a stark reminder that cyber threats are a real and ever-present danger, and everyone involved in the energy industry must be prepared to do their part to defend the grid from harm and bad actors. This point has been further confirmed with FERC’s recently issued white paper on proposed investments to enhance cybersecurity for the Bulk Electric System.
Software is the ‘brain’ behind the power sector’s command and control systems, and professionals across the utility industry must ensure that software installed and granted access to the grid is safe. In this PowerSession, you will learn about risk assessment steps you can take to ensure that your command and control software objects are trustworthy enough to install and grant access to sensitive power equipment.
Objectives of this PowerSession:
- Describe Software Supply Chain Risks and Threats
- Describe specific Software Risks that have impacted Companies
- Introduce Value at Risk in a software risk assessment
- Review in detail Risk Assessment best practices that follow the NIST Cybersecurity Framework to address NERC CIP-010-3 1.6 standards and mitigation options
Richard Brooks is one of the most visible and influential members of Energy Central's Network of Experts. Richard is Senior Consultant and Lead Software Engineer at Reliable Energy Analytics LLC. He has been a successful developer of energy industry cybersecurity standards at NAESB for 25 years, and he has been developing software products and solutions for the wider energy industry for over 25 years, including ISO's Business Intelligence and Data Analytics platforms and Enterprise Architecture, Methods for Verification of Software Object Authenticity and Integrity, and the Software Assurance Guardian Point Man (SAG-PM) software.
Thanks to our sponsors for their help in supporting this event:
About GMO GlobalSign
As one of the world’s most deeply-rooted certificate authorities, GlobalSign is the leading provider of trusted identity and security solutions enabling businesses, large enterprises, cloud-based service providers and IoT innovators worldwide to conduct secure online communications, manage millions of verified digital identities and automate authentication and encryption. Its high-scale PKI and identity solutions support the billions of services, devices, people and things comprising the IoT. A subsidiary of Japan-based GMO Cloud KK and GMO Internet Group, GMO GlobalSign has offices in the Americas, Europe and Asia. For more information, visit https://www.globalsign.com