Today’s LiveWire Spotlight looks at the second and third of six draft NERC Security Guidelines dealing with with threats introduced through the supply chain.  These two address the threat of undetected attacks on critical operational technology (OT) assets during the procurement, installation, and ongoing support processes.  A clear distinction is drawn from identical business-serving information technology (IT) assets — which often use different risk mitigation methods

The initial drafts of the NERC Security Guidelines on Supply Chain Risk Management Lifecycle have been posted for a 45-day stakeholder review.  Comments must be returned to tom.hofstetter@nerc.net by November 3, 2022 using the form provided by the RSTC.