CIP-013 Implementation: Know Supplier Posture & Accelerate Compliance

As the deadline for NERC CIP-013 compliance approaches, power and utility organizations are focused on implementing a supply chain risk management strategy across their global vendor base.

The North American Electric Reliability Corporation’s (NERC) CIP-013-1 standard is a timely regulation: third-party risk management, and especially risk management down the supply chain, has come into strong focus over the last few years in practically every sector.

According to the “State of the Electric Utility 2020” report, 37% of U.S.-based P&U organizations claim to have not completely implemented cybersecurity programs, much less supply chain risk management (SCRM). Cyberattacks on the electric grid are likely to have catastrophic effects. Thus, in 2016 FERC released the directive for a SCRM standard, resulting in CIP-013-1.

Standards organizations like NIST began to include supply chain risk management language in their control frameworks, and even privacy regulations such as the General Data Protection Regulation (GDPR) include supply chain risk management requirements. It’s clear that CIP-013-1 implementation is needed in the power and utilities…
