Sunday, November 10, 2019

Upcoming speaking engagement



I was quite honored to be asked recently to be the keynote speaker at the second annual IEEE Smart Grid Cybersecurity Workshop, which will be held on Thursday and Friday December 12 and 13 at the same hotel in Atlanta where the NERC CIP will meet on Tuesday and Wednesday (which I’ll also attend); the agenda is here. My topic will be – what else? – “Developing your Supply Chain Cyber Risk Management Plan”.

Of course, if you are a cynical person like me, you might point out that the smart grid has to do primarily with distribution, while CIP-013 (which of course requires the entity to develop a supply chain cybersecurity risk management plan) is a standard for Bulk Electric System assets. Why talk about CIP-013 at this workshop?

Fortunately, I already have my answer for you: I’m not talking just, or even primarily, about CIP-013. Any utility, in fact any organization that runs using computing hardware and software that they purchase, is subject to supply chain cybersecurity risks, and should have a risk mitigation plan. Exactly the same considerations go into developing a plan for cyber assets to be deployed on the distribution grid as for BES cyber assets. So there, smarty pants. And I won’t be alone in discussing supply chain security. There’s a panel on that topic right before me.

I’ll hope to see you there! 


Any opinions expressed in this blog post are strictly mine and are not necessarily shared by any of the clients of Tom Alrich LLC.

If you would like to comment on what you have read here, I would love to hear from you. Please email me at tom@tomalrich.com. Please keep in mind that if you’re a NERC entity, Tom Alrich LLC can help you with NERC CIP issues or challenges like what is discussed in this post – especially on compliance with CIP-013. My offer of a free webinar on CIP-013, specifically for your organization, remains open to NERC entities and vendors of hardware or software components for BES Cyber Systems. To discuss this, you can email me at the same address.


2 comments:

  1. Very insightful - and true. Don't ignore Distribution.... << Exactly the same considerations go into developing a plan for cyber assets to be deployed on the distribution grid as for BES cyber assets.>>

    ReplyDelete
  2. Thanks, Rob. I will make sure to discuss Distribution assets, although I don't see any difference for that, except that CIP-013 doesn't apply so they don't need the same types of documentation as for BES assets.

    ReplyDelete