
NERC CIP-013 and the Impact of New Regulations in the Industry

Published by Sabrina Pagnotta on July 2, 2020

The upcoming NERC CIP-013 regulation is very important and long overdue for the Power and Utilities sector. There have been pushes and concerns around the supply chain throughout the world, with stories from the US government and other countries preventing organizations from engaging with vendors that have tampered with, intercepted or somehow put supply chain components at risk.

A new regulation will provide organizations with more comfort in knowing that they are doing things better and understanding the elements of their supply chain.

  • Who are you doing business with?
  • Was the component you purchased manufactured up to standard?
  • Has it been intercepted in some way?

There is risk associated at many levels in Utilities, and organizations often engage with small providers who may not have the right security standards. A regulation like NERC CIP-013 will make it more imperative to understand that doing business with “two guys in a garage” is high risk unless the appropriate controls and processes are in place.

Safety is Everybody’s Business

In Utilities, there’s a saying that “Safety is everybody’s business”. At some level, cybersecurity is becoming a part of everyone’s job too. This goes beyond phishing emails and targeted campaigns, which have been around for some time now. This is about involving supply chain buyers, who traditionally haven’t had a major role in cybersecurity. They are going to need to ask some questions to ensure their third-party relationships are secure, and be more actively involved than before.

It requires a new level of engagement from legal, corporate insurance, compliance, security, as well as the entire supply chain and the actual business stakeholder. So there’s a whole new level of communication that has to become the norm.

Read more: How to Get Legal, Procurement and Business Owners Onboard with Security

Do more regulations have a positive impact?

It’s fair to say that new regulations are not exactly exciting, as nobody wants to be regulated and constantly audited. That said, more regulation and higher standards push the industry to do more and therefore can have a positive impact on its security posture.

If it were up to each and every Utility to decide its own risk threshold, we would have a very different scenario, especially in small organizations with resource constraints, where third-party risk assessment, monitoring and mitigation aren’t usually a big priority. More importantly, a new regulation forces everyone to pay attention to security and provides a structured approach.

Luckily, Utilities are ahead of the game in some areas, as they’re one of the most highly regulated industries, along with Healthcare and Finance. Their leadership understands security is non-negotiable.

Conclusion

NERC CIP-013 makes it necessary to conduct thorough risk assessments and have a repeatable process to measure, document and track third-party risk. As we move forward, we are likely to see more regulations, so it’s important to make sure we have the right tools in place.

The ThirdPartyTrust platform can help Power and Utilities organizations build a process to communicate with their third parties in a timely fashion, in order to get them to complete security questionnaires instead of chasing them down via email or phone calls. With ThirdPartyTrust, you control who gets what questionnaire (full SIG or custom), what documentation is pending, what parts of the supply chain need more attention, and the supply chain’s overall health.

If you’re worried about compliance, the North American Transmission Forum has issued some guidelines and resources that can serve as a starting point. They’re not official, and they don’t guarantee NERC CIP-013 compliance, but they were developed by a consortium of Utilities, then reviewed thoroughly by an even bigger consortium of Utilities, and they have been validated against the standards. 

Many organizations were probably ready to comply as of July 1st, 2020, which was the initial enforcement date for NERC CIP-013, and many others will enjoy the extra breathing room to prepare for the new date, on October 1st. But all of them are aware of the fact that this is auditable and they can be questioned or fined about it.




Sabrina Pagnotta
Sr. Content Strategist