Update on IEC 62443-4-2 – Evaluation Methodology for IACS components (T21a)
Assessing risk in one's cyber supply chain security is a complex endeavour: a supply chain is not only a supplier-to-customer relationship, it is a network of suppliers, materials, service providers, and resources that are involved in the creation and delivery of an organization's products and services. Whether intentional or accidental, cyber supply chain compromises can have a profound impact. So how can organizations derive a level of confidence in their suppliers and the products they provide? The Canadian Centre for Cyber Security is developing a framework and methodology to help the Canadian federal government, critical infrastructure, and Canadian industry assess and gain confidence in their suppliers. It examines aspects of ownership, technical risk, criticality and sensitivity, using the key elements of "confidence building measures" to establish confidence in our suppliers. This talk will present the cyber supply chain assessment framework and methodology and illustrate it with a case study of how it is being applied to the telecommunications sector in Canada.