Announcements
January 20, 2022
Annual Supply Chain Criteria and Questionnaire Revision Process Underway
The NATF is commencing the annual revision process for the “NATF Supply Chain Security Criteria” and the “Energy Sector Supply Chain Risk Questionnaire.” The revision process, the criteria, and the questionnaire are posted on the NATF’s public Supply Chain Cyber Security Industry Coordination site. The process is open to industry, suppliers, regulators, and other stakeholders.
Input on the criteria and questionnaire can be submitted to supplychain@natf.net until close of business February 18 for consideration in the 2022 review cycle.
As the criteria and questionnaire are mechanisms to drive convergence on the information needed to conduct supplier risk assessments and are expected to be the basis for information included in a potential central library, it is important that the information you need to conduct risk analyses is included!
As a reminder: The criteria and questionnaire capture supplier information important to the electric sector for conducting risk assessments while keeping the amount of data received to a manageable level. The criteria are also verifiable. They are mapped to the National Institute of Standards and Technology (NIST) framework; and while NIST does not have a third-party certification or assessment available, the criteria are also mapped to other security frameworks that are certified or assessed by a qualified third-party. Note that while there is not a single security framework that addresses all criteria, including NIST, most can be verified by obtaining a combination of certifications and/or assessments.
January 11, 2022
Survey for Suppliers of Products or Services for the Electric Industry
The North American Transmission Forum (NATF), working with the organizations identified below, is facilitating a survey to obtain initial input on the development of a central repository/library to support the efficient sharing of required supply-chain-related security information from companies that supply products or services for the electric system and energy sector.
The primary objective is to reduce supply chain risks; a repository could serve to significantly reduce the level of effort to achieve this objective—for both companies required to ensure adequate vendor security and for vendors supporting this sector by limiting the number of times they have to provide the same security information.
This survey provides you an opportunity to include your ideas and input in the development of this central library.
The survey can be accessed HERE and will be open through January 24. A pdf version of the survey is available for your convenience.
Background
Supply chain breaches continue to be a risk to operational reliability and national security. Entities looking to implement supply chain risk management—as well as government, insurers, and other interested parties—have begun requiring the submission of basic security and hygiene data to better assess risks across third-party vendors. The development of a central repository, or library, of this commonly and repeatedly requested data is an opportunity for the electric industry to forward the implementation of a vendor assessment solution mitigating supply chain risks rather than having a solution imposed upon the industry through an executive order, regulation, or other method.
A viable central library that can provide information to help all participants identify and mitigate supply-chain risks will significantly reduce the level of effort associated with these evolving requirements. However, developing and establishing this library in a manner that meets your needs and security objectives relies on your support/participation and the support/participation from industry companies. The first step is to obtain good input and feedback. Your responses to this supplier-side survey will be used to ensure the development of a central library will best support these efforts across all stakeholders. A parallel effort is also underway to obtain input from industry companies. Collectively, these will be used to build a leading practice library to enhance our ability to more efficiently conduct supplier risk assessments and supplement our approach to mitigating supplier risk.
The survey consists of 26 questions, with a free-form write-in option at the end of the survey for you to provide additional input. Please provide responses to as many of the questions as you can. Your feedback is important to guide the appropriate development of a central library.
If you have any difficulty in accessing the survey or questions, please contact Valerie Agnew at vagnew@natf.net.
We appreciate you taking the time to complete the survey!
Supporting Organizations
CNK Solutions
Exelon
Hitachi Power Grids
Hubbell
International Society of Automation (ISA)
Schneider Electric
Schweitzer Engineering Labs (SEL)
Siemens
US Chamber of Commerce