Intelligent CISO Issue 30 | Page 45

industry unlocked could turn towards the Digital Bill of Materials (DBOM), which provides full digital associativity across all organisations involved in engineering, supply chain, manufacturing, sales and service. By engaging with the CNI, organisations can ensure that the necessary transparency throughout the supply chain is achieved, as well as optimising the visibility of potential vulnerabilities.
A level of transparency and accountability should also be applied more broadly to ensure best practice across the board – especially as increasing numbers of organisations in the supply chain adopt IoT and cloud-native devices. A shared responsibility model of security is important here. This involves a layered defence where organisations address each part of the ‘stack of responsibility’ individually, yet they all interact together as a complete framework.

Throughout the energy supply chain, from service providers to enterprises and individual users, everyone is accountable for security in some way, and with the shared responsibility model, organisations can ensure that everyone does their part.
Failing to adopt a shared responsibility model will ultimately lead to a higher level of risk and poorer overall security.
Without a clear understanding of responsibility and a collaborative approach, IT will not have a comprehensive view of systems required to keep track of all data and potential threats. Limited visibility means limited security.

Should teams be testing Industrial Control Systems regularly for vulnerabilities – and are there any potential challenges when testing?

Definitely. Responsible testing should happen regularly to ensure that teams are on top of any potential threats. Not only should testing happen, but it should also be encouraged and rewarded throughout the sector, such as through bug bounty programmes.