Critical infrastructure industry unites to secure supply chains through new A2V Governance Committee
A new committee aimed at tackling supply chain cybersecurity was announced on Tuesday by Fortress Information Security and the Asset to Vendor Network (A2V), a group of critical infrastructure organizations that collaborate on cybersecurity assessments and risks to secure the bulk electric power and other important systems.
The A2V Governance Committee was formed by Fortress, along with American Electric Power (AEP) and Southern Company, the companies that began the more than two-year-old A2V Network. More than two dozen organizations are involved with the committee, including Avangrid, Florida Power & Light, Microsoft, the National Renewable Energy Laboratory, the U.S. Chamber of Commerce, and Xcel Energy, among others. The new committee is meant to provide a central point of oversight and recommendations for addressing supply chain risks and securing critical infrastructure. In this forum, vendors and asset owners alike will be able to share their security concerns and work toward common solutions.
“Critical infrastructure and manufacturing organizations, as well as their vendors, share common cybersecurity adversaries and face similar compliance challenges,” Tobias Whitney, vice president of Industry Relations and Regulatory Affairs at Fortress, said. “We can add value to our clients’ security and compliance programs by collaborating on solutions to address supply chain risk concerns. Everyone – from shareholders to customers – is better served when the industry can speak with one voice on supply chain security issues.”
Already, the existing A2V has focused its efforts on supporting more than 40,000 vendors and more than 2 million assets. While focused on critical asset owners and operators, the committee will also represent suppliers and service providers in its focus on solutions.
“We quickly work to assist electric power, water, and petrochemical companies with security and regulatory concerns in their infrastructure and supply chains and in other critical infrastructure sectors as well,” Whitney said. “Critical infrastructure organizations are seeing lots of changes after attacks like the Colonial Pipeline ransomware, Log4j, and other supply chain and operational technology attacks. Now is the time to show how our combined A2V experience can help build and roll out supply chain security solutions to prepare for the next line of attacks.”
Cyber attacks on critical infrastructure have become increasingly disruptive. In the case of Colonial Pipeline, the ransomware attack prompted the company to halt operations until a $4.4 million ransom was paid. The resulting shutdown caused emergency declarations across 17 states, as fuel shortages spread and governments rushed to keep supply lines open.
