A new North American Electric Reliability Corp. report recommends expanding the application of reliability standards aimed at managing cybersecurity supply chain risks to two additional categories of assets within the bulk electric system. As NERC noted, the electric industry’s “supply chains for information and communications technology and industrial control systems are long and multidimensional, involving numerous parties in a multitude of countries across the globe.” This web of vendors, contractors and third-party suppliers provide adversaries with a slew of targets in the supply chain that can be used to create or exploit vulnerabilities needed to initiate attacks on BES cyber systems and equipment. Regulators responded to this threat with the introduction of critical infrastructure protection standards targeted at supply chain risk management, but the Federal Energy Regulatory Commission made clear in October when it approved those standards that the new requirements were only a first step.
展开▼
