Critical Infrastructure operators are continually challenged by the complexities of securing their supply chains. There has been work done in some sectors to address this, such as agreeing common security requirements and developing codes of practice. Others are more in the early stages.
The Supply Chain Expert Group (SCEG) is a volunteer initiative to progress multiple-sector approaches to the challenge of overseeing, managing, and influencing the cyber security of supply chains to critical infrastructure services.
Co-Led by Paul Dorey (Royal Holloway) and Tania Wallis (University of Glasgow) the group has membership of experienced experts from different sectors and parts of the supply chain.
To complement the NCSC principles-based guidance, the group is co-producing content specific to ICS and OT by providing illustrations of best practice.
The work items aim to be at a detailed enough level to guide implementation of OT cybersecurity improvements across CNI supply chains.
For the ongoing improvement of OT guidance, we welcome and request feedback.
The following items are now available for wider review and use.
- OT Supply Chain Cyber Security Assurance Standards for Critical National Infrastructure – An Infographic Introduction and Guide – view here.
- Re-prioritisation of SOC2 Trusted Services Criteria (TSC) for OT by mapping SOC2 TSC Points of Focus to NCSC Cyber Assessment Framework (CAF) and to the IET Code of Practice on Cyber Security and Safety – view mapping here and guidance document here
- Guidance for developing Supply Chain Incident Response and Management within your organisation – view here.
How to Join the SCEG:
If you would like to join an Expert Group, there is a 2 Stage process:
Stage 1 – You must be an existing member of the ICS COI community to join an Expert Group.
If you are not already a member of ICS COI, then please complete this Application Form.
The application process requires you to provide a short bio outlining your ICS and OT related experience. It will take up to 4 weeks for the necessary membership approval from the ICS COI Steering Group.
Stage 2 – When you have been accepted as a member of the ICS COI you will be able to apply to join the SCEG using the following form:
- Supply Chain Expert Group (SCEG) – SCEG Application Form
It will take up to 4 weeks for your Expert Group application to be assessed and approved by the ICS COI Steering Group.
You will find further information about the ICS COI here.