

Utilities are vulnerable to cyberattack

'Cyber-hygiene' - firewalls, anti-virus software, etc. - is often conflated with cybersecurity. But this neglects an urgent vulnerability: the software supply chain.

Utilities must secure the software supply chain on their own behalf. Complying with federal standards, like NERC’s CIP-013, isn’t enough.

Download the white paper to explore

●   4 vulnerabilities in the software supply chain
●   The crucial role of SBOMs in securing software procurement
●   5 steps utilities can take to secure the software supply chain

Utilities must act now to secure the cyber supply chain

On average, software contains 135 components - each one creating a potential vulnerability. In a 2018 survey of senior IT, 66% reported a software supply chain attack. In fact, the high-profile WannaCry and NotPetya hacks - which affected 25% of utility professionals - are both attributed to supply chain vulnerabilities. The average cost of such an attack: $1.1 million.

To face the next wave of cybercrime, utilities need to...

●   Pursue a Software Bill of Materials (SBOM) in all software procurement
●   Invest in a thorough cyber supply chain risk management plan (C-SCRM)
●   Collaborate closely with vendors, security consultants, and the government
●   Build a culture of security, transparency, and clear communication

The software supply chain is vulnerable, and utilities must take the lead in securing it.