Annual IEEE Smart Grid Cybersecurity Workshop

#1286508: Annual IEEE Smart Grid Cybersecurity Workshop - 12-13 Dec Atlanta , USA

Description:	Tom Alrich: I was quite honored to be asked recently to be the keynote speaker at the second annual IEEE Smart Grid Cybersecurity Workshop, which will be held on Thursday and Friday December 12 and 13 at the same hotel in Atlanta where the NERC CIP will meet on Tuesday and Wednesday (which I’ll also attend); the agenda is here. My topic will be – what else? – “Developing your Supply Chain Cyber Risk Management Plan”. Of course, if you are a cynical person like me, you might point out that the smart grid has to do primarily with distribution, while CIP-013 (which of course requires the entity to develop a supply chain cybersecurity risk management plan) is a standard for Bulk Electric System assets. Why talk about CIP-013 at this workshop? Fortunately, I already have my answer for you: I’m not talking just, or even primarily, about CIP-013. Any utility, in fact any organization that runs using computing hardware and software that they purchase, is subject to supply chain cybersecurity risks, and should have a risk mitigation plan. Exactly the same considerations go into developing a plan for cyber assets to be deployed on the distribution grid as for BES cyber assets. So there, smarty pants. And I won’t be alone in discussing supply chain security. There’s a panel on that topic right before me.
More info:	http://tomalrichblog.blogspot.com/2019/11/upcoming-speaking-engagement.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+TomAlrichsBlog+%28Tom+Alrich%27s+Blog%29

Description:

Tom Alrich:

I was quite honored to be asked recently to be the keynote speaker at the second annual IEEE Smart Grid Cybersecurity Workshop, which will be held on Thursday and Friday December 12 and 13 at the same hotel in Atlanta where the NERC CIP will meet on Tuesday and Wednesday (which I’ll also attend); the agenda is here. My topic will be – what else? – “Developing your Supply Chain Cyber Risk Management Plan”.

Of course, if you are a cynical person like me, you might point out that the smart grid has to do primarily with distribution, while CIP-013 (which of course requires the entity to develop a supply chain cybersecurity risk management plan) is a standard for Bulk Electric System assets. Why talk about CIP-013 at this workshop?

Fortunately, I already have my answer for you: I’m not talking just, or even primarily, about CIP-013. Any utility, in fact any organization that runs using computing hardware and software that they purchase, is subject to supply chain cybersecurity risks, and should have a risk mitigation plan. Exactly the same considerations go into developing a plan for cyber assets to be deployed on the distribution grid as for BES cyber assets. So there, smarty pants. And I won’t be alone in discussing supply chain security. There’s a panel on that topic right before me.

More info:

http://tomalrichblog.blogspot.com/2019/11/upcoming-speaking-engagement.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+TomAlrichsBlog+%28Tom+Alrich%27s+Blog%29

Date added	Nov. 11, 2019, 8:20 a.m.
Source	Tom Alrich Blog
Subjects	Conferences and Seminars North America Conferences IT Security General Energy News - Electric Power, Oil, Gas, Solar, Wind, Water, Nuclear etc. NERC / FERC / NERC CIP / Critical Infrastructure Protection Committee (CIPC)
Venue	Atlanta, Dec. 12, 2019, midnight - Dec. 13, 2019, midnight
Country	USA