Fortress, ONG-ISAC to develop collaborative to secure supply chains
Fortress to create industry-wide risk management profile for all vendors, suppliers used by all ONG-ISAC members
Orlando-based Fortress Information Security (Fortress) and the Oil and Natural Gas Information Sharing Analysis Center (ONG-ISAC) on Wednesday announced an industry-wide initiative focused on securing hardware and software components and supply chains.
The software and hardware used by oil and natural gas systems are critical to the industry's reliable and safe operation. In addition, the supply chains for these products are at increased risk of compromise. Fortress will enable ONG-ISAC members to manage these risks securely and cost-effectively.
For more than two years, Fortress has operated a central repository of data on hardware and software supply chains for major utility companies, the US Department of Defense, and other clients. Fortress will replicate its risk and remediation programs for the oil and gas industry.
"Hardware and software supply chain security is complex and dynamic. Collaboration is the only proven strategy to make supply chain cybersecurity a reality," said Tobias Whitney, vice president of strategy and policy for Fortress. "The Fortress-ONG-ISAC partnership will foster better information sharing of cybersecurity risk to the oil and gas industry."
The Fortress Asset to Vendor (A2V) Network will create an industry-wide risk management profile for all vendors and suppliers used by all ONG-ISAC members. A2V information sharing ensures that when one member identifies a vulnerability, all members are notified. Fortress supports and coordinates remediations requests with the larger vendor community to facilitate timely and effective responses that save time, effort, and money for ONG-ISAC members.
"As an industry, we must face today's cybersecurity challenges as a united front," said Angela Hahn, executive director of the ONG-ISAC. "As an ISAC, we look to partners like Fortress to provide valuable insights about risk and threats that could impact our members."
ONG-ISAC members will have access to the A2V Library. They will be able to purchase specific Supply Chain Risk Management (SCRM) products, including the Fortress Software Bill of Materials (SBOM)/Hardware Bill of Materials (HBOM) analysis libraries.
Fortress Information Security secures critical industries from cybersecurity and operational threats stemming from vendors, assets, and software in their supply chains. Fortress is the only end-to-end platform that connects intelligence surrounding vendors, information technology and operational technology assets, and software through a holistic, fit-for-purpose approach. Fortress has also partnered with its customers and suppliers to form the Asset-to-Vendor (A2V) Network, which facilitates the secure and seamless exchange of asset information and security intelligence, enabling collaborative workflows to better understand and remediate potential issues. Fortress serves critical industries such as energy, government, aerospace & defense, critical manufacturing, industrial automation, automotive, and healthcare.
ONG-ISAC serves as a central point of coordination and communication to aid in the protection of exploration and production, transportation, refining, and delivery systems of the ONG industry, through the analysis and sharing of trusted and timely cyber threat information, including vulnerability and threat activity specific to Industrial Control System (ICS) and Supervisory Control and Data Acquisition (SCADA) systems.