An interesting initiative in the US for power companies to Know Your Supply Chain by sharing information about the vendors that supply them…:
[…] The sheer volume of supply chain vendors that provide equipment, software, and services to power utilities makes this a daunting task. The vast majority of the 3,000 electricity providers are small, regional operations that don’t have the manpower or budget to address this requirement effectively.
The reason Fortress and AEP developed the A2V Network is to provide a platform for sharing technology and information to support security efforts for these organizations. The A2V Network includes a substantial library of completed vendor risk assessments that comply with FERC regulations.
The press release explains, “Power companies who join A2V will be able to purchase vendor assessments for much less than it would cost for them to conduct the assessment themselves. Participating utilities also will be able to contribute their own completed assessments for purchase by the network and receive a portion of the proceeds. This will help them recover some of their investments in vendor assessments and help reduce overall operating and maintenance (O&M) costs associated with cyber security compliance.”
The A2V Network is an example of the kind of sharing and collaboration that needs to happen on a broader and more regular basis to improve cybersecurity for all industries and businesses. Siloed efforts exist and the trend is growing, but everyone will be better off when we are able to break down the walls and openly share relevant information to improve cybersecurity for everyone, rather than every organization trying to fight a futile battle against cyber attacks on its own.