If you're
looking for my pandemic posts, go here.
Dick Brooks
of Reliable Energy Analytics is one of the most knowledgeable people on the
subject of software that I know. He has done a lot of research on how to verify
software authenticity and integrity, for compliance with CIP-010-3 R1.6 (which
comes into effect on Oct. 1, along with CIP-013-1). Next Wednesday August 12,
he will present a webinar for Energy Central entitled “Software Supply Chain
Risks and Mitigations for NERC CIP-010-3”.
I’ve seen
Dick’s slides, and I can promise that you’ll learn a lot that you didn’t know,
but which may help you in deciding how to verify software integrity and
authenticity, as well as comply with R1.6 (of course, this can also help you
comply with CIP-013-1 R1.2.5, although you need to be aware that the focus is
different there, even though both requirement parts deal with software
authenticity and integrity. I hope to write a post about that soon).
You can read
about the webinar and sign up here.
Any opinions expressed in this blog post are strictly mine
and are not necessarily shared by any of the clients of Tom Alrich LLC. If you would like to comment
on what you have read here, I would love to hear from you. Please email me at tom@tomalrich.com.
Are you hot at work – or should be – on getting ready for
CIP-013-1 compliance on October 1? Here is my summary of what you need to do between now and then.
No comments:
Post a Comment