We are all regularly buying, building and deploying vendor and contractor equipment, systems and services, but how do we know that the products and services purchased have appropriate levels of cybersecurity? Are vendors and contractors designing, building and operating their products with cybersecurity in mind? Are they consistently searching for and addressing cybersecurity weaknesses? Do they have secure supply chains ?
This talk shares an approach for cybersecurity procurement language developed for the U.S. Army’s Office of Energy Initiatives that focuses on cybersecurity requirements for contractors designing, constructing and operating energy generating facilities within Army installations. These procurement cybersecurity requirements protect the installation lifecycle for operational technology networks and industrial control systems of contractor-owned and -operated systems.
Understand the current landscape of cyber-focused procurement language, gaps that exist, and what procurement clauses and processes would enable systems to be secure throughout their lifespan.
Identify well written, quantifiable cybersecurity procurement clauses that can be measured and enforced.
Identify and construct cybersecurity procurement clauses applicable to their particular installation and application, which will serve throughout the lifecycle of the implementation.