November 18, 2024
Hitachi ABB Joins Supply Chain Security Network
|
Hitachi ABB Power Grids agreed to join the Asset to Vendor Network for Power Utilities, a cybersecurity-focused information sharing network.

Hitachi ABB Power Grids, a multinational supplier of technology for the energy industry, has agreed to join the Asset to Vendor (A2V) Network for Power Utilities, a cybersecurity-focused information sharing network for North America’s bulk power system.

A2V was launched earlier this year by Fortress Information Security and American Electric Power to provide utilities with a platform for sharing information on cybersecurity risks in their equipment supply chain. Initially aimed at helping entities meet the requirements of NERC’s CIP-013-1, A2V was later expanded to include provenance assessments for the foreign affiliations of suppliers in response to President Trump’s declaration of a national emergency in May aimed at enhancing the cybersecurity posture of the BPS. (See Trump Declares BPS Supply Chain Emergency.)

Most of the utilities and vendors participating in A2V have not been disclosed because of sensitivity issues. High-profile exceptions include Southern Co., the first utility to sign on, and now Hitachi ABB, the largest vendor to join the platform to date. Fortress hopes the presence of well known names such as these may serve as a vote of confidence in the platform that will attract participation by the ecosystem’s numerous smaller players.

“In order for the Asset to Vendor network to … be ideally suited as a community sharing platform for industry, we need a tremendous amount of participation from the vendor community,” Tobias Whitney, vice president of energy security solutions at Fortress, told ERO Insider. “And we’ve had that, frankly, from the beginning … but we wanted to make sure that our industry recognized that in order for the supply chain security issue to be addressed across the board, we need participating vendors like Hitachi ABB to come to the table [and] be transparent.”

United Response to Greater Threat

For Hitachi ABB, the introduction of A2V is part of a broader move toward common information-sharing practices that will be increasingly essential to the industry given not just the rise of cyber threats against critical infrastructure but also a “significant increase in the effort required by utilities” to comply with demands by the U.S. and Canadian governments for proof of cybersecurity readiness.

For example, NERC and the Department of Energy last month filed simultaneous requests for information on utilities’ exposure to foreign adversaries and their practices for mitigating supply chain vulnerabilities. (See Industry Seeks Clarity on Supply Chain Orders.)

While multinational firms like Hitachi ABB may already have processes in place for finding and sharing such information with their customers, this kind of industry-wide appetite can still create burdens for suppliers, especially smaller organizations with fewer resources. A common platform for sharing data on cybersecurity threats could provide a paradigm shift that benefits every industry player.

“We see the A2V network as a way to simplify and bring greater consistency to the reporting requirements that have arisen,” said Dave Goddard, head of digitalization at Hitachi ABB. “Through this process, Hitachi ABB … can provide answers to a large selection of questions typically asked by our utility customers … potentially serving a large pool of utilities with an accurate and consistent assessment response.”

Whitney agreed that easing utilities’ concerns about complying with the supply chain orders and Critical Infrastructure Protection standards is a primary goal of the platform. However, he cautioned that it will be difficult, if not impossible, to provide a simple blacklist of vendors to avoid, as some utilities have requested, and that entities should focus on building the groundwork for a united front against the common threat.

“I’m not sure if these foreign adversarial relationships are that clear; many large, multinational organizations can have … some ties with countries that may deal with foreign adversaries, but that doesn’t necessarily mean that those products and systems are already infiltrated,” Whitney said. “What has to happen now is that … utilities, vendors and suppliers need to raise their awareness and understanding of how these influences can impact the system.”

CIPFERC & Federal

Leave a Reply

Your email address will not be published. Required fields are marked *