supply chain risk management
play

Supply Chain Risk Management Howard Gugel, Senior Director of - PowerPoint PPT Presentation

Jun 13, 2023 •348 likes •875 views

Supply Chain Risk Management Howard Gugel, Senior Director of Standards and Education Member Representatives Committee Meeting August 9, 2017 Cyber Security Supply Chain Standard Background FERC issued Order No. 829 on July 21, 2016

  1. Supply Chain Risk Management Howard Gugel, Senior Director of Standards and Education Member Representatives Committee Meeting August 9, 2017

  2. Cyber Security Supply Chain Standard • Background  FERC issued Order No. 829 on July 21, 2016  Standard must be filed by September 2017 • Status  Final ballot ended July 20, 2017 o CIP-013-1 – 84.2% o CIP-005-6 – 88.8% o CIP-010-3 – 81.4%  Present at August Board of Trustees meeting  FERC filing deadline of September 27, 2017 2 RELI ABI LI TY | ACCOUNTABI LI TY

  3. FERC Order No. 829 [the Commission directs] that NERC, pursuant to section 215(d)(5) of the FPA, develop a forward-looking, objective-driven new or modified Reliability Standard to require each affected entity to develop and implement a plan that includes security controls for supply chain management for industrial control system hardware, software, and services associated with bulk electric system operations. - Order No. 829, July 2016 3 RELI ABI LI TY | ACCOUNTABI LI TY

  4. Focus • High and medium impact Bulk Electric System (BES) Cyber Systems • No requirements for low impact BES Cyber Systems • NERC committed to addressing risks appropriately  Identify best practices  Develop guidance resources  Support common understanding of compliance obligations 4 RELI ABI LI TY | ACCOUNTABI LI TY

  5. CI P-013-1 Requirements Summary • R1 requires entities to develop supply chain cyber security risk management plan(s) for high and medium impact BES Cyber Systems  Planning processes to identify and assess cyber security risks from vendor equipment and software;  Procurement processes to address specific cyber security risks • R2 requires entities to implement the plan • R3 requires periodic review and approval of the plan 5 RELI ABI LI TY | ACCOUNTABI LI TY

  6. CI P-013-1 I mplementation Guidance • Standard Drafting Team developed Implementation Guidance to provide examples of approaches for complying with CIP-013-1 • This Implementation Guidance has been endorsed by the ERO per NERC’s Compliance Guidance Policy 6 RELI ABI LI TY | ACCOUNTABI LI TY

  7. CI P-005-6 Modifications • Added operational requirements for vendor remote access • Address risks from compromised vendor remote access  Part 2.4 – Determining active vendor remote access sessions  Part 2.5 – Ability to disable active vendor remote access 7 RELI ABI LI TY | ACCOUNTABI LI TY

  8. CI P-010-3 Modifications • Added operational requirements for software integrity and authenticity • Address risks from compromised vendor software  Part 1.6.1 – Verify the identity of the software source  Part 1.6.2 – Verify the integrity of the software 8 RELI ABI LI TY | ACCOUNTABI LI TY

  9. I mplementation Plan • All requirements become effective 18 months following regulatory approval 9 RELI ABI LI TY | ACCOUNTABI LI TY

  10. Question 1 How should NERC support effective implementation? Themes: • Additional implementation guidance • Communication through webinars • Vendors must be included • Consistent audit guidelines • Engage Critical Infrastructure Protection Committee 10 RELI ABI LI TY | ACCOUNTABI LI TY

  11. Question 2 How should NERC evaluate effectiveness of the standards going forward? Themes: • Allow implementation time prior to evaluation • Establish expert group for feedback on success • Engage technical committees in evaluation effort • Use E-ISAC to track incidents • Integrate supply chain compromise into GridEx exercise 11 RELI ABI LI TY | ACCOUNTABI LI TY

  12. Question 3 What risks and related issues should NERC study, including risks related to low impact BES Cyber Systems not covered by the standards? Themes: • Legacy support (including resellers) • Mapping to non-ERO standards • Low impact risks mitigated by implementation for medium and high impact BES Cyber Systems • Review standards in other sectors 12 RELI ABI LI TY | ACCOUNTABI LI TY

  13. Question 4 Are there actions NERC should take to address additional potential supply chain risks? Themes: • Use webinars effectively • Facilitate secure reporting • Engage vendors and suppliers • Participate in cross-industry forums • Post and share lessons learned 13 RELI ABI LI TY | ACCOUNTABI LI TY

  14. Standards Deployment Activities • Leverage industry experience by forming an industry advisory group to support deployment • ERO Enterprise auditor training • Industry webinars and workshops • Vendors outreach on controls • Engage Critical Infrastructure Protection Committee, forums, and trades to develop additional Implementation Guidance • Evaluate effectiveness within two years of implementation • Keep efficiency and effectiveness a priority 14 RELI ABI LI TY | ACCOUNTABI LI TY

  15. Addressing Residual Risks • Technical committees to develop reliability guidelines • Form vendor/industry working groups on supply chain risks • Review supply chain risk practices in other industries and communicate effective strategies • Ensure BES supply chain risks are addressed by product manufacturing standards • Provide latest government intelligence to industry • Partner with Department of Energy’s Idaho National Laboratory to test legacy and planned equipment on supply chain vulnerabilities • E-ISAC will issue bulletins as supply chain risks are identified 15 RELI ABI LI TY | ACCOUNTABI LI TY

  16. 16 RELI ABI LI TY | ACCOUNTABI LI TY

  17. ERO Enterprise Long-Term Strategy, Operating Plan, & 2018 Metrics Michael Walker, Senior Vice President and Chief Financial and Strategic Development Officer Member Representatives Committee Meeting August 9, 2017

  18. Background • Development of Long-Term Strategy  Opportunity to step back, recognize emerging risks and the changing bulk power system (BPS) ecosystem  Informs operational planning—ensure nothing big is overlooked  Initiative supported by NERC and Regional Entity boards • ERO Enterprise Strategic Plan rebranded as Operating Plan  Focuses on operations for a three-year horizon  Incorporates recommendations from the Reliability Issues Steering Committee’s (RISC’s) ERO Reliability Risk Priorities report (RISC report)  Informs annual business plans and budgets 2 RELI ABI LI TY | ACCOUNTABI LI TY

  19. 2017 Strategic and Operational Planning • First drafts posted for stakeholder review and comment:  ERO Enterprise Long-Term Strategy  ERO Enterprise Operating Plan  2018 ERO Enterprise Metrics • Draft Long-Term Strategy reflects input from:  March 2017 RISC Reliability Leadership Summit (RISC Summit)  FERC Technical Conference  NERC and Regional Entity board members  ERO Enterprise senior leadership • Updates to operating plan and metrics developed by ERO Enterprise senior leadership team 3 RELI ABI LI TY | ACCOUNTABI LI TY

  20. Strategic and Operational Planning Overview 4 RELI ABI LI TY | ACCOUNTABI LI TY

  21. ERO Enterprise Long-Term Strategy • Discusses emerging risks and potential reliability impacts • Recommends six long-term focus areas:  Risk-based compliance, enforcement, and assessments  Technical resources and capabilities  Security  Communication  ERO Enterprise-wide operating effectiveness and efficiency  International engagement 5 RELI ABI LI TY | ACCOUNTABI LI TY

  22. ERO Enterprise Operating Plan • Guided by Long-Term Strategy • Changes from last approved version (formerly ERO Enterprise Strategic Plan and Metrics ):  Refinement of vision, mission, and core principles  Existing goals continued with addition of a goal focused on security  Updates to contributing activities in support of Long-Term Strategy  Addition of Regional Entity-specific contributing activities  Removal of metrics as an appendix (now provided separately) • Mapping to recommendations from the most recent RISC report will appear in future draft 6 RELI ABI LI TY | ACCOUNTABI LI TY

  23. ERO Enterprise Operating Plan • Vision: A highly reliable and secure North American bulk power system (BPS) • Mission: To assure effective and efficient reduction of risks to the reliability and security of the BPS • Core principles:  Accountability  Independence  Inclusiveness and Transparency  Innovation  Excellence  Integrity 7 RELI ABI LI TY | ACCOUNTABI LI TY

  24. ERO Enterprise Operating Plan • Goal 1: Risk-responsive Reliability Standards • Goal 2: Objective, risk-informed compliance monitoring, mitigation, enforcement, and entity registration • Goal 3: Reduction of known reliability risks • Goal 4: Identification and assessment of emerging reliability risks • Goal 5: Identification and reduction of cyber and physical security risks • Goal 6: Effective and efficient ERO Enterprise Operations 8 RELI ABI LI TY | ACCOUNTABI LI TY

  25. 2018 ERO Enterprise Metrics • Continues focus of 2017 metrics with six metrics focused on BPS reliability and security and one metric focused on efficiency and effectiveness  NERC and the Regional Entities also maintain additional internal metrics governing individual, departmental, and corporate performance • Notable changes from 2017 metrics:  Removal of compliance severity index in Metric 5; now measures the percentage of serious risk violations  Removal of Metric 6 sub-metric related to cold weather  Greater focus on ERO Enterprise efficiency and effectiveness in Metric 7  Historical data for each metric included 9 RELI ABI LI TY | ACCOUNTABI LI TY

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Supply Chain Risk Management

Supply Chain Risk Management

Supply Chain Risk Management Getting the Balance Right Health & Safety and Supply Chain Risk Management Introductions Supply Chain Risk Management

585 views • 32 slides
MANUFACTURING RISK ASSESSMENT FOR EARLY STAGE PHARMACEUTICALS MIT SUPPLY CHAIN MANAGEMENT

MANUFACTURING RISK ASSESSMENT FOR EARLY STAGE PHARMACEUTICALS MIT SUPPLY CHAIN MANAGEMENT

MANUFACTURING RISK ASSESSMENT FOR EARLY STAGE PHARMACEUTICALS MIT SUPPLY CHAIN MANAGEMENT RESEARCH THESIS PRESENTATION MAY 2017 THESIS WRITERS AND CONTRIBUTORS Emily Chen, Author MIT Masters of Engineering in Supply Chain Management candidate

299 views • 15 slides
Green Supply Chain Management Presented by: Sandeep Sharma 11 th Global Supply Chain and

Green Supply Chain Management Presented by: Sandeep Sharma 11 th Global Supply Chain and

Presentation Title Green Supply Chain Management Presented by: Sandeep Sharma 11 th Global Supply Chain and Logistics Summit 28 Nov 2018 www.sclgsummit.org Green Supply Chain Green supply chain management is defined as "the process of

912 views • 8 slides
Re-Emphasizing Risk Management by George Huff November 9, 2011 2 Risk Management and Supply

Re-Emphasizing Risk Management by George Huff November 9, 2011 2 Risk Management and Supply

Re-Emphasizing Risk Management by George Huff November 9, 2011 2 Risk Management and Supply Chain Security ISO 28000s Risk-Based Approach to Management Systems ISO Format adopted from ISO 14001:2004 Environmental Performance, but

450 views • 13 slides
Lectures 1&2: Introduction to Supply Chain Management Supply Chain Management Quality

Lectures 1&2: Introduction to Supply Chain Management Supply Chain Management Quality

Lectures 1&2: Introduction to Lectures 1&2: Introduction to Supply Chain Management Supply Chain Management Quality Assurance in Supply Chain Management (INSE 6300/4-UU) Winter 2011 Overview Overview Course Outline

507 views • 31 slides
Supply Chain Management in the New World How will the Global Pandemic Impact Supply Chains?

Supply Chain Management in the New World How will the Global Pandemic Impact Supply Chains?

Supply Chain Management in the New World How will the Global Pandemic Impact Supply Chains? Kenneth J. Petersen Helen Robson Walton Endowed Chair Director, Division of Marketing & Supply Chain Management Price College of Business

892 views • 51 slides
Supply Chain Dr. Lai Ving Kam , Associate Professor Logistics and Supply Chain Management Berjaya

Supply Chain Dr. Lai Ving Kam , Associate Professor Logistics and Supply Chain Management Berjaya

Continuous Cost Reduction Resilience in Adaptive Responsive Supply Chain Dr. Lai Ving Kam , Associate Professor Logistics and Supply Chain Management Berjaya University College of Hospitality, Kuala Lumpur, Malaysia Email:

837 views • 31 slides
Regulatory, Manufacturing and Supply Chain Aspects Session 5: Supply Chain Management and

Regulatory, Manufacturing and Supply Chain Aspects Session 5: Supply Chain Management and

Polpharma Regulatory, Manufacturing and Supply Chain Aspects Session 5: Supply Chain Management and Surveillance Mariona Senis, Medichem SA Josep Maria de Ciura, Medichem SA EMA Sartans with N-nitrosamine impurities Lessons Learnt Exercise -

545 views • 10 slides
IM 2010: Operations Research, Spring 2014 Supply Chain Management Ling-Chieh Kung Department of

IM 2010: Operations Research, Spring 2014 Supply Chain Management Ling-Chieh Kung Department of

Supply chain coordination Chain-to-chain competition IM 2010: Operations Research, Spring 2014 Supply Chain Management Ling-Chieh Kung Department of Information Management National Taiwan University May 29, 20141 Supply Chain Management 1 /

954 views • 36 slides
Lectures 1&2: Introduction to Overview Overview Supply Chain Management Supply Chain

Lectures 1&2: Introduction to Overview Overview Supply Chain Management Supply Chain

Lectures 1&2: Introduction to Lectures 1&2: Introduction to Overview Overview Supply Chain Management Supply Chain Management Course Outline Preliminary Notions Objective and Importance of Supply Chain Quality

1.16k views • 31 slides
Council of Supply Chain Management Professionals January 14, 2016 Raw Material Purchasing

Council of Supply Chain Management Professionals January 14, 2016 Raw Material Purchasing

Council of Supply Chain Management Professionals January 14, 2016 Raw Material Purchasing Manufacturers DC Customers DC Consumer Factory Rick D. Blasgen President & CEO CSCMP What is a Supply Chain? A Typical Supply Chain

646 views • 64 slides
Safety and sustainability in the chemical supply chain Craig Thomson | Associate Director

Safety and sustainability in the chemical supply chain Craig Thomson | Associate Director

Safety and sustainability in the chemical supply chain Craig Thomson | Associate Director the-ncec.com/emergencyresponse Agenda Four quadrants of emergency response Compliance How will Brexit affect your supply chain? Risk Management

631 views • 28 slides
Managing Operational Risk in the Global Supply Chain Feb 15, 2008 Doug Sunkel Director

Managing Operational Risk in the Global Supply Chain Feb 15, 2008 Doug Sunkel Director

Managing Operational Risk in the Global Supply Chain Feb 15, 2008 Doug Sunkel Director Americas Parts Distribution Key Points Elements of Risk in the Supply Chain Mitigation Strategies Performance Your Best Bet 2

525 views • 13 slides
Risk Management and Global Supply Risk Management and Global Supply Chains T-TIP Stakeholder

Risk Management and Global Supply Risk Management and Global Supply Chains T-TIP Stakeholder

Risk Management and Global Supply Risk Management and Global Supply Chains T-TIP Stakeholder Presentation 5 th Round Arlington, VA May 21, 2014 AAEI Works with European Partners p What Are the General Trends for Trade? Facilitation

425 views • 17 slides
Mitigating risk of counterfeit parts in the electronic parts supply chain October 12, 2017 By:

Mitigating risk of counterfeit parts in the electronic parts supply chain October 12, 2017 By:

Mitigating risk of counterfeit parts in the electronic parts supply chain October 12, 2017 By: Dr. Vidya Mani Department of Supply Chain & Information Systems, Pennsylvania State University Joint work with Dr . Aydn Alptekinolu (PSU)

544 views • 27 slides
CIRCULAR BUSINESS MODEL IN SUPPLY CHAIN MANAGEMENT 2016 SMU Logistics & Supply Chain

CIRCULAR BUSINESS MODEL IN SUPPLY CHAIN MANAGEMENT 2016 SMU Logistics & Supply Chain

CIRCULAR BUSINESS MODEL IN SUPPLY CHAIN MANAGEMENT 2016 SMU Logistics & Supply Chain Symposium Katharina Tomoff Singapore, 7 March 2016 Corporate Communications and Responsibility Corporate Responsibility is part of our Strategy 2020

322 views • 14 slides
Day Two: October 4, 2018 1 1 Lets Unblock the Chain of Data Making B2B Payments More

Day Two: October 4, 2018 1 1 Lets Unblock the Chain of Data Making B2B Payments More

Day Two: October 4, 2018 1 1 Lets Unblock the Chain of Data Making B2B Payments More Efficient 2 Speaker Bios Title | Company Magnus Carlsson David Jackson Guy Berg Federal Reserve Association of Marketcy Bank of Financial

317 views • 9 slides
EasyCommerce 1.1 Reliable stock management system & Easy-to-use eCommerce fulfillment

EasyCommerce 1.1 Reliable stock management system & Easy-to-use eCommerce fulfillment

Powered by SMS EasyCommerce 1.1 Reliable stock management system & Easy-to-use eCommerce fulfillment solution EasyCommerce by swiss mail solutions Simplify your fulfillment operations As a growing eCommerce company, you want to focus on

210 views • 17 slides
DANE Secured E-Mail Demonstration Wes Hardaker Parsons <wes.hardaker@parsons.com>

DANE Secured E-Mail Demonstration Wes Hardaker Parsons <wes.hardaker@parsons.com>

DANE Secured E-Mail Demonstration Wes Hardaker Parsons <wes.hardaker@parsons.com> Overview My Background In scope topics Securing E-Mail Requirements Implementing Each Requirement 2 wes.hardaker@parsons.com My Background

910 views • 25 slides

Challenges faced accessing supply chain Gatekeeping system: RFQ and RFP process presents challenges in business development process and

311 views • 3 slides
THIRD-PARTY RISK MANAGEMENT For your website Protect your most valuable asset - your web

THIRD-PARTY RISK MANAGEMENT For your website Protect your most valuable asset - your web

1 THIRD-PARTY RISK MANAGEMENT For your website Protect your most valuable asset - your web presence Idan Cohen, Q3 2019 The untold supply-chain challenge: THIRD-PARTIES ON WEBSITES 3 Let s understand What is a web third-party

338 views • 15 slides
Preparing for integrating supply chain with design and development operations process in a medium

Preparing for integrating supply chain with design and development operations process in a medium

Preparing for integrating supply chain with design and development operations process in a medium sized heavy machinery Original Equipment Manufacturer Jugal Desai Design Operations Engineer- KTP Associate at Dando Drilling International

678 views • 9 slides
Verifying email security techniques for Dutch organizations Student: Vincent van Dongen

Verifying email security techniques for Dutch organizations Student: Vincent van Dongen

Verifying email security techniques for Dutch organizations Student: Vincent van Dongen Supervised by: Ralph Dolmans, George Thessalonikefs (NLnet Labs) Security and Network Engineering (UvA) Master Thesis, 3 July 2018 Vincent van Dongen (UvA)

187 views • 17 slides
WOMEN & MILLENNIALS IN THE SUPPLY CHAIN How Seasoned & Millennial Professionals Work

WOMEN & MILLENNIALS IN THE SUPPLY CHAIN How Seasoned & Millennial Professionals Work

WOMEN & MILLENNIALS IN THE SUPPLY CHAIN How Seasoned & Millennial Professionals Work Together in the Logistics Industry WOMEN IN LOGISTICS & SUPPLY CHAIN WOMEN IN LOGISTICS According to the World Economic Forum, itll be nearly

367 views • 21 slides

More recommend