
Mon, Sep 23

NAESB Update Call Presentation on October 16 features a brief overview of CISA Secure by Design principles and practices

[UPDATE October 17, 2024: A big thanks to NAESB for hosting the event. Hopefully I didn't ruin your dinner plans, Ken Quimby. Always check the "Trust Score" before dining at a restaurant and before installing software in production. Consumers can easily check whether their software vendors are committed to producing secure, trustworthy products: if a vendor has signed the "Secure by Design pledge", you know it has committed to protecting you from harm. There are 229 signers of the CISA Secure by Design pledge as of today. The slide deck from my presentation is available online here.]

[UPDATE October 8, 2024: The National Association of Corporate Directors (NACD) has published guidance for board members on incorporating supply chain risk management practices, so that identifying trustworthy vendors becomes a decision factor in purchasing decisions.]

Hoping to see friends and colleagues at this NAESB meeting on October 16. People interested in learning about INGAA's Secure by Design announcement can find more information in this posting from INGAA.

The final agenda for this event is now posted.

FERC's recent Supply Chain Risk Management NOPR, Docket RM24-4-000, has piqued interest in this topic, as FERC has directed NERC to provide new or updated SCRM standards. I filed comments with FERC suggesting that FERC direct NERC not to reinvent the wheel and instead adopt the SCRM standards and guidelines provided by our Nation's cybersecurity and SCRM experts at NIST and CISA, as contained in the CISA Secure Software Acquisition Guide. NIST and CISA SCRM standards and guidelines have already been adopted by US Government agencies responsible for procuring and using software products.

I also recommend taking the time to ask your suppliers "challenging questions" about the cybersecurity practices in use at their company, following this profound advice (a 5-minute video clip) from Cassie Crossley at Schneider Electric, one of the leading vendors of ICS control products used by the electric industry for grid management.

I have two key points to convey during my part of the presentation:

  1. CISA's Secure by Design principles and practices are analogous to restaurant cleanliness scoring using a checklist of "required practices" to show that software products are being produced safely to protect consumers from harm.
  2. We need one successful case study showing that Secure by Design practices are practical, effective and achievable, with one vendor and one consumer providing the "ground truth" showing how to implement Secure by Design practices from vendor and consumer perspectives. CISA's Secure Software Acquisition Guide will provide the practices to be implemented.


Non-members will need to register with the NAESB office at 713-356-0060.