New Supply Chain webinars from the NERC SCWG

TA notice: If you’re looking for the post I wrote earlier today on the pandemic, go here.

NERC put out a notice this week about a series of webinars on supply chain cyber security risk management, which will start next Monday. They will all be at 1 PM Eastern time for one hour, and you don’t need to sign up for any of them. I will present two of them: on March 30 on Supply Chain Cyber Security Risk Management Lifecycle, and on April 20 on Vendor Risk Management Lifecycle. Here is the full announcement:

Webinar Announcement Supply Chain Working Group Security Guidelines for the Electricity Sector – Supply Chain When it's time, join your meeting here: Join Meeting Teleconference: 1-415-655-0002 | Access Code: 735 632 114
The Supply Chain Working Group (SCWG), part of the Reliability and Security Technical Committee (RSTC), is presenting a series of webinars to elaborate on security guidelines that address cyber security supply chain risk management issues. The hour-long webinars will broadcast weekly on Mondays at 1:00 p.m. Eastern, beginning on March 23, 2020. All webinars will be recorded and subsequently available on the Supply Chain Risk Mitigation Program page. No preregistration is necessary; click the link above to attend each webinar. Before and during each webinar, submit questions about the supply chain security guidelines to CIPCadmin@nerc.net with “SCWG Webinars” in the subject line. Topic Team Lead Webinar (Mondays, 1:00 PM Eastern) Supply Chain and Risk Considerations for Open Source Software George Masters, Schweitzer Engineering Laboratory, Inc. March 23 Supply Chain Cyber Security Risk Management Lifecycle Tom Alrich, Tom Alrich LLC March 30 Vendor Identified Incident Response Measures Steven Briggs, TVA April 6 Secure Equipment Delivery Wally Magda, Wallydotbiz, LLC April 13 Vendor Risk Management Lifecycle Tom Alrich, Tom Alrich LLC April 20 Procurement Language (under development) Dan Wagner, WECC April 27 Frequently Asked Questions: Small Group Advisory Sessions Brian Allen, NERC May 4 Provenance David Steven Jacoby, Boston Strategies International May 11 Risks Related to Cloud Service Providers Brenda Davis, CPS Energy May 18 Reliability guidelines are not binding norms or parameters that directly support compliance to NERC’s Reliability Standards, so their use is not monitored or enforced. While applying the recommendations from a guideline is highly encouraged and is expected to improve the security posture of an organization, their incorporation into industry practices is strictly voluntary.
For more information or assistance, please contact Tom Hofstetter (via email).

  

Any opinions expressed in this blog post are strictly mine and are not necessarily shared by any of the clients of Tom Alrich LLC.

If you would like to comment on what you have read here, I would love to hear from you. Please email me at tom@tomalrich.com. Please keep in mind that if you’re a NERC entity, Tom Alrich LLC can help you with NERC CIP issues or challenges like what is discussed in this post – especially on compliance with CIP-013. My offer of a free webinar on CIP-013, specifically for your organization, remains open to NERC entities and vendors of hardware or software components for BES Cyber Systems. To discuss this, you can email me at the same address.