Workshop on Supply Chain Security, Resilience and Integrity

Workshop Overview

A significant concern for the smart grid is the possibility that corrupted, counterfeit or compromised components could come through the supply chain – degrading the performance of the grid or causing serious and large-scale disruption.

The U.S. Resilience Project is partnering with the U.S. Department of Energy and George Mason University to convene a workshop on supply chain security, integrity, and resilience, with specific relevance to the Smart Grid supply chain. The workshop has the following goals:

• Understand how supply chain risk management has evolved over the past 10 years—a decade that saw the explosion of global enterprises and global supply chains, and the intensification of threats, cyber risks, and disruption triggers.
• Capture cross-sector best practices, processes, metrics, technologies, and governance structures to manage supply chain risks and mitigate their impacts.
• Map synergies and overlaps between tools and processes to ensure supply chain continuity as well as physical security and cybersecurity.
• Assess how current and emerging private-sector best practices reduce the risks to the integrity of the Smart Grid.
• Identify gaps and opportunities for collaborative problem solving.

Over the past decade, private sector supply chain risk management practices have evolved to meet a dramatically changed risk environment. The case studies prepared for the workshop highlight some of these new supply chain practices: trusted supply networks; vendor assessment processes; supply chain mapping; GPS and sensors attached to shipments to detect authorized entry, software coding processes that reduce the risks of unauthorized and unwanted code insertions, to name a few.

These cutting-edge tools have tremendous relevance to narrowing the risks of a Trojan horse scenario, but physical and cyber solutions are not always well integrated in addressing smart grid supply chain challenges.

The workshop brings together executives charged with supply risk management, security and cyber security to examine how supply chain best practices and processes can serve cyber security needs. Following an opening plenary, workshop participants will break out into groups focused on some key risks:

• Malicious substitution of hardware or software
• Counterfeiting
• Misuse of IP
• Maintaining security during supply chain disruptions

Participants representing the power/smart grid sector – as well as aerospace, IT and electronics, telecommunications and chemical sectors – will be asked to describe tools, templates and business processes they use to prevent, detect or mitigate these risks. Each breakout session will share the best practices and key findings and recommendations

Final Agenda

March 16, 2012
7:30 am	Coffee and Pastries
8:30 am	Welcome Roger Stough VP Research, George Mason University Debra van Opstal Director, U.S. Resilience Project
8:45 am	Goals for the Workshop Patricia Hoffman, Assistant Secretary for Electricity Delivery and Energy Reliability, DOE
9:00 am	Framing the Issues: Keynotes Ed Goff, Enterprise Architect IT&T Security, Progress Energy Ed Schweitzer, CEO Schweitzer Engineering Laboratories, Inc.
9:45 am	Framing the Threat Environment Robert Hutchinson, Senior Manager for Computer Science and Information Operations, Sandia National Laboratories
10:00 am	Setting the Stage for Breakouts Key Observations and Findings: U.S. Resilience Project Team Risk Framework: Edna Conway, Chief Security Strategist, Value Chain, Cisco Breakout Group Logistics: Energetics Incorporated
10:30 am	Networking Break
11:00 am	Breakout Sessions Managing Supply Chain Cyber Risks: Building from Business Best Practice Participants in the workshop will break into five groups to explore best practices to prevent, detect or mitigate: malicious substitution of hardware or software via the supply chain; substitution of counterfeit products/tampering in the supply chain; misuse of IP by supply chain partners; degradation of security protocols in crisis situations. The groups will also address gaps in protection and opportunities for collaborative solutions, technologies and smart policy. Working lunch provided.
2:00 pm	Networking Break
2:30 pm	Report of Findings and Recommendations from Breakout Leaders
3:45 pm	Next Steps Hank Kenchington, Deputy Assistant Secretary for R&D Office of Electricity Delivery and Energy Reliability, DOE
4:00 pm	Adjourn

Workshop Participants

On March 16, 2012, more than 75 supply chain management and cybersecurity experts from the electric, electronics, software, telecommunications, chemical, defense industrial base, aeropspace, and heavy manufacturing sectors participated in the workshop plenary and breakout sessions.

Workshop Participants List

Resources

To ensure the smart grid supply chain community has access to the most relevant and up-to-date information available today, the U.S. Resilience Project conducted an extensive literature review and interviewed numerous organizations. The results of these efforts have been synthesized into an executive summary format to identify information quickly and easily.

Several types of resources are provided here: workshop presentations; summaries of seminal articles and reports by topic; case studies by company; and tools, templates and guidelines in use today to secure the smart grid supply chain.