Software supply chain



Utilities are vulnerable to cyberattack 

'Cyber-hygiene' - firewalls, anti-virus software, etc. - is often conflated with cybersecurity. But this neglects an urgent vulnerability: the software supply chain.

Utilities must secure the software supply chain on their own behalf. Complying with federal standards, like NERC’s CIP-013, isn’t enough.

Download the white paper to explore:

●   4 vulnerabilities in the software supply chain
●   The crucial role of SBOMs in securing software procurement
●   5 steps utilities can take to secure the software supply chain

Utilities must act now to secure the cyber supply chain

On average, software contains 135 components - each one creating a potential vulnerability. 

In a 2018 survey of senior IT, 66% reported a software supply chain attack. In fact, the high-profile WannaCry and NotPetya hacks - which affected 25% of utility professionals - are both attributed to supply chain vulnerabilities. The average cost of such an attack: $1.1 million.

To face the next wave of cybercrime, utilities need to...

●   Pursue a Software Bill of Materials (SBOM) in all software procurement
●   Invest in a thorough cyber supply chain risk management plan (C-SCRM)
●   Collaborate closely with vendors, security consultants, and the government
●   Build a culture of security, transparency, and clear communication

The software supply chain is vulnerable, and utilities must take the lead in securing it.

