Tuesday, March 17, 2020

New Supply Chain webinars from the NERC SCWG



TA notice: If you’re looking for the post I wrote earlier today on the pandemic, go here.

NERC put out a notice this week about a series of webinars on supply chain cyber security risk management, which will start next Monday. They will all be at 1 PM Eastern time for one hour, and you don’t need to sign up for any of them. I will present two of them: on March 30 on Supply Chain Cyber Security Risk Management Lifecycle, and on April 20 on Vendor Risk Management Lifecycle. Here is the full announcement:

Webinar Announcement
Supply Chain Working Group
Security Guidelines for the
Electricity Sector – Supply Chain


When it's time, join your meeting here: Join Meeting
Teleconference: 1-415-655-0002 | Access Code: 735 632 114

The Supply Chain Working Group (SCWG), part of the Reliability and Security Technical Committee (RSTC), is presenting a series of webinars to elaborate on security guidelines that address cyber security supply chain risk management issues.

The hour-long webinars will broadcast weekly on Mondays at 1:00 p.m. Eastern, beginning on March 23, 2020. All webinars will be recorded and subsequently available on the Supply Chain Risk Mitigation Program page. No preregistration is necessary; click the link above to attend each webinar.

Before and during each webinar, submit questions about the supply chain security guidelines to CIPCadmin@nerc.net with “SCWG Webinars” in the subject line.

Topic
Team Lead
Webinar (Mondays,
1:00 PM Eastern)
George Masters, Schweitzer Engineering Laboratory, Inc.
March 23
Tom Alrich, Tom Alrich LLC
March 30
Steven Briggs, TVA
April 6
Wally Magda, Wallydotbiz, LLC
April 13
Tom Alrich, Tom Alrich LLC
April 20
Procurement Language
(under development)
Dan Wagner, WECC
April 27
Brian Allen, NERC
May 4
David Steven Jacoby, Boston Strategies International
May 11
Brenda Davis, CPS Energy
May 18

Reliability guidelines are not binding norms or parameters that directly support compliance to NERC’s Reliability Standards, so their use is not monitored or enforced. While applying the recommendations from a guideline is highly encouraged and is expected to improve the security posture of an organization, their incorporation into industry practices is strictly voluntary.

For more information or assistance, please contact Tom Hofstetter (via email).


  
Any opinions expressed in this blog post are strictly mine and are not necessarily shared by any of the clients of Tom Alrich LLC.

If you would like to comment on what you have read here, I would love to hear from you. Please email me at tom@tomalrich.com. Please keep in mind that if you’re a NERC entity, Tom Alrich LLC can help you with NERC CIP issues or challenges like what is discussed in this post – especially on compliance with CIP-013. My offer of a free webinar on CIP-013, specifically for your organization, remains open to NERC entities and vendors of hardware or software components for BES Cyber Systems. To discuss this, you can email me at the same address.


No comments:

Post a Comment