Introduction
Good morning, hello everyone! Welcome to an insightful webinar on conducting cyber risk assessments for supply chain risk management. This session, part of a 10-part series on cybersecurity and digitalization, zeroes in on the pivotal role of cybersecurity in the energy sector's supply chain.
The Essence of Supply Chain Cybersecurity
The expanding supply chain in the energy sector faces numerous cybersecurity challenges due to the integration of renewables, deployment of grid-edge technologies, and integration of regional markets. Addressing these challenges is critical to ensuring the security and reliability of energy supply.
Expert Insights
Frank Honus from the Energy Information Sharing Center (EISAC) and Mel Falkovich from Con Edison shared their expertise. Frank, an associate director at EISAC, delves into the cybersecurity of electric utility members, while Mel, the Chief Information Security Officer at Con Edison, brings his extensive experience in information security within the energy sector.
Key Highlights from the Webinar
Understanding Supply Chain Vulnerabilities
- Hardware and Software Issues: The vulnerabilities affect both IT and OT environments, including the hardware being purchased and the software being developed or deployed.
- Procurement and Contract Risks: Risks also stem from the people involved and from contract language that might not be robust enough to prevent undesirable procurements.
- Products vs. Service Providers: Product-based risks are distinct from service provider risks, as illustrated by incidents like the SolarWinds breach.
A Hypothetical Example
A detailed example was discussed where procurement processes failed to detect that hardware, believed to be manufactured domestically, was actually produced in a country with lower cybersecurity standards, leading to unintended network vulnerabilities.
Mitigation Strategies
Mel Falkovich highlighted several mitigation strategies, including:
- Performing upfront assessments of vendors and third parties based on multiple dimensions such as financial, geopolitical, and cybersecurity controls.
- Utilizing standards and frameworks like ISO certification and SOC 2 to assess risks.
- Engaging in industry collaboration to develop common languages and centralized risk assessment processes.
Importance of Ongoing Assessments
It's crucial not only to assess vendors at the procurement stage but also to engage in continuous assessments to ensure compliance and adapt to new threats.
Conclusion
The webinar underscored the importance of comprehensive cyber risk assessments in managing supply chain risks in the energy sector. As highlighted by our speakers, understanding vulnerabilities, developing mitigation strategies, and engaging in continuous assessment are key to safeguarding against cyber threats.