Fortress Information Security collaborates with ONG-ISAC to improve supply chain cybersecurity
Fortress Information Security and the Oil and Natural Gas Information Sharing Analysis Center (ONG-ISAC) announced an industry-wide initiative focused on securing hardware and software components and supply chains.
The software and hardware used by oil and natural gas systems are critical to the industry’s reliable and safe operation. In addition, the supply chains for these products are at increased risk of compromise. Fortress will enable ONG-ISAC members to manage these risks securely and cost-effectively.
For more than two years, Fortress has operated a central repository of data on hardware and software supply chains for major utility companies, the Department of Defense, and other clients. Fortress will replicate its risk and remediation programs for the oil and gas industry.
“Hardware and software supply chain security is complex and dynamic. Collaboration is the only proven strategy to make supply chain cybersecurity a reality,” said Tobias Whitney, vice president of strategy and policy for Fortress. “The Fortress-ONG-ISAC partnership will foster better information sharing of cybersecurity risk to the oil and gas industry.”
The Fortress Asset to Vendor (A2V) Network will create an industry-wide risk management profile for all vendors and suppliers used by all ONG-ISAC members. A2V information sharing ensures that when one member identifies a vulnerability, all members are notified. Fortress supports and coordinates remediations requests with the larger vendor community to facilitate timely and effective responses that save time, effort, and money for ONG-ISAC members.
“As an industry, we must face today’s cybersecurity challenges as a united front,” said Angela Hahn, executive director of the ONG-ISAC. “As an ISAC, we look to partners like Fortress to provide valuable insights about risk and threats that could impact our members.”
ONG-ISAC members will have access to the A2V Library. They will be able to purchase specific Supply Chain Risk Management (SCRM) products, including the Fortress Software Bill of Materials (SBOM)/Hardware Bill of Materials (HBOM) analysis libraries.