Mastering Cyber Risk Assessments in Supply Chain Management

By scribe 2 minute read

Introduction

Good morning, hello everyone! Welcome to an insightful webinar on conducting cyber risk assessments for supply chain risk management. This session, part of a 10-part series on cybersecurity and digitalization, zeroes in on the pivotal role of cybersecurity in the energy sector's supply chain.

The Essence of Supply Chain Cybersecurity

The expanding supply chain in the energy sector faces numerous cybersecurity challenges due to the integration of renewables, deployment of grid-edge technologies, and integration of regional markets. Addressing these challenges is critical to ensuring the security and reliability of energy supply.

Expert Insights

Frank Honus from the Energy Information Sharing Center (EISAC) and Mel Falkovich from Con Edison shared their expertise. Frank, an associate director at EISAC, delves into the cybersecurity of electric utility members, while Mel, the Chief Information Security Officer at Con Edison, brings his extensive experience in information security within the energy sector.

Key Highlights from the Webinar

Understanding Supply Chain Vulnerabilities

  • Hardware and Software Issues: The vulnerabilities affect both IT and OT environments, including the hardware being purchased and the software being developed or deployed.
  • Procurement and Contract Risks: Risks also stem from the people involved and from contract language that might not be robust enough to prevent undesirable procurements.
  • Products vs. Service Providers: Product-based risks are distinct from service provider risks, as illustrated by incidents like the SolarWinds breach.

A Hypothetical Example

A detailed example was discussed where procurement processes failed to detect that hardware, believed to be manufactured domestically, was actually produced in a country with lower cybersecurity standards, leading to unintended network vulnerabilities.

Mitigation Strategies

Mel Falkovich highlighted several mitigation strategies, including:

  • Performing upfront assessments of vendors and third parties based on multiple dimensions such as financial, geopolitical, and cybersecurity controls.
  • Utilizing standards and frameworks like ISO certification and SOC 2 to assess risks.
  • Engaging in industry collaboration to develop common languages and centralized risk assessment processes.

Importance of Ongoing Assessments

It's crucial not only to assess vendors at the procurement stage but also to engage in continuous assessments to ensure compliance and adapt to new threats.

Conclusion

The webinar underscored the importance of comprehensive cyber risk assessments in managing supply chain risks in the energy sector. As highlighted by our speakers, understanding vulnerabilities, developing mitigation strategies, and engaging in continuous assessment are key to safeguarding against cyber threats.
