NextGov: Federal Energy Regulatory Commission Wants to Update Cybersecurity Requirements

NextGov reported on how regulators are exploring updates to critical infrastructure protection standards in order to secure electric utilities and other energy-sector entities against attacks on their software supply chains.

Speaking about software transparency, which is needed to protect critical infrastructure, MITRE's Emily Frye noted, “A self-attestation letter does not provide us the kind of illumination or transparency that we who are accepting the risks as users should be forced to accept. I would encourage that we continue to march strongly toward the need for transparency…An SBOM, right now, is technically feasible, either by you, the supplier, giving it to me and by me double checking and creating my own. That's up and running; the technology works.”