Ampyx Cyber Blog
The Intersection of Regulation & Resilience
Closing the Gaps: FERC Order 912 and the Future of Supply Chain Risk Management
FERC Order 912 marks a shift in supply chain cybersecurity for the Bulk-Power System. It directs NERC to strengthen supply chain protections by closing gaps in risk identification, reassessment, and response, and by extending coverage to Protected Cyber Assets. Vendor data validation is encouraged but not mandated, and NERC has 18 months to deliver new or revised standards.
FERC’s New Proposed Rule on Supply Chain Risk Management (SCRM)
The Federal Energy Regulatory Commission (FERC) has released a new Notice of Proposed Rulemaking (NOPR) under Docket No. RM24-4-000, focusing on supply chain risk management (SCRM) for the Bulk-Power System (BPS). This proposed directive aims to fill critical gaps in existing NERC Critical Infrastructure Protection (CIP) standards and bolster the defenses of our nation’s critical infrastructure.
Is SBOM the answer?
Government and industry experts have recently pointed to a software bill of materials (SBOM) as a requirement for organizations, but what are you getting? David Foose spends some time exploring aspects of SBOM fever.
A former vendor's take on CIP-013 Supply Chain Risk Management
David Foose, a former vendor, takes us on a brief walk through the history and the justifications for Supply Chain Security and the birth of NERC CIP 13. With this, we explore what might have been and where it may have unfortunately veered off into the constant contract negotiation entities find themselves in today.