Mounting cybersecurity threats and attacks elevate the priorities of asset owners and operators of critical infrastructure installations to ensure that their supply chains are safe, risk-free, and free from cybersecurity risks in ICS procurement. Vendors shall be expected to provide technological solutions and demonstrate a deep understanding of the application of cybersecurity best practices. This includes implementing robust security measures in their products to protect against adversarial threats targeting OT (operational technology) and ICS (industrial control system) environments, such as malware, ransomware, and nation-state attacks.
Asset owners and operators want more transparency from vendors, detailing information on the security of the components applied across software and hardware, and associated third-party suppliers. They also worry about vulnerabilities introduced during manufacturing or integration. Now, vendors will be required to provide supply chain integrity guarantees through rigorous vetting processes for subcontractors or partners.
ICS procurement can be improved by making sure the software and hardware are from trusted sources, scanned for security…
