The Emerging Cyber Threats to Industrial Control Systems (ICS) - Standards on Third-Party Risk Management and Cyber Risk Assessment Methodologies
In a world of increasing global cybersecurity threats, organizations need to understand the nature of those threats and recognize the role they play in end-to-end supply chain cybersecurity when responding to them. Critical infrastructure like energy utilities often lacks a workforce with the specialized skills needed to address cybersecurity.
In alignment with USAID's Digital Strategy, the Advancing Modern Power Through Utility Partnership (AmpUp) program is hosting a knowledge-sharing webinar with Frances Cleveland, Xanthus Consulting International and Gian Luigi (Gigi) Pugni, ENEL (retired). This webinar is the second in a ten-part series aimed at giving USAID partner-country utilities, policy-makers, and regulators a clear panorama of the relevance of cybersecurity within the electricity sector, including how to mitigate supply chain risks and monitor third-party vendor access.
This webinar focused on the internationally accepted standards and guidelines relevant to identifying and managing supply chain cybersecurity risks from third parties/suppliers, and provided a survey of these documents (e.g., the U.S. National Institute of Standards and Technology [NIST] Cybersecurity Framework, NIST SP 800-161, ISO/IEC 27036-1:2021, NISTIR 8276). The webinar did not go into significant detail about the risk management practices themselves, but rather covered the different approaches and considerations that utilities should take into account based on their context (e.g., generation, transmission, distribution, DER aggregators). Participants can see the previous webinar on ISO 27001 for guidance on preparing and completing certifications at an entity level.