Vendor library offers means to bolster supply-chain security through data sharing and communication.

Credit: Anna Jiménez Calaf

A new library designed to be a centralized source of security information and communication for energy company suppliers was announced Tuesday by Fortress Information Security. The Asset to Vendor Library Trust Center is a project of Fortress, American Electric Power and Southern Company, and offers a way for suppliers to connect with their customers and provide information about their supply chain security practices.

The library is a supplier-centered marketplace with the ability to share and update cybersecurity information, as well as provide marketing materials for patrons. Vendors and original equipment manufacturers can control the information they provide their customers, such as security attestations, completed North American Transmission Forum questionnaires, and third-party certifications.

Suppliers can choose how to share their information in the library

Suppliers can choose to share information with everyone in the library or limit access to members who request it. Giving suppliers control over access to their information helps them solve the challenge many suppliers experience of receiving and exchanging security controls questionnaires from multiple prospects or clients. Each is phrased slightly differently but all are essentially the same.

“A lot of these vendors only play in this market,” explains Betsy Soehren Jones, COO of Fortress, a provider of cyber risk management solutions for supply chains. “They’re frustrated with having to fill out 3,000 copies of the same form and sending it to all their customers.”

She added that the library is designed with security in mind. “All the transactions in the library are encrypted,” Jones says. “Information flowing from the vendor and requests from customers to the vendor are done in a secure and protected manner.”

“There are no analytics happening in the library itself,” Jones says.
“Once a customer requests something from the library, that transaction goes away. So, there are no records of who is using what part or where a part is installed. It would take an enormous amount of work to use the material in the library for malicious purposes.”

Information from 40,000 companies in the library

Capabilities the Trust Center provides users include:

- Compliance management and audit preparation questionnaires and surveys patterned to meet existing and emerging regulatory standards
- Data-driven risk ranking that employs AI and open-source intelligence to determine the criticality and cyber maturity of supplier assets
- Supplier validated product assessments that provide visibility on vulnerabilities, patch history, and security controls
- Insights into the geopolitical relationships of suppliers, their products, and their fourth-party suppliers
- Patented blockchain technology for securely sharing software and hardware bills of materials and analyses designed to uncover open-source vulnerabilities, product components, and geopolitical affiliations
- Continuous monitoring of all active suppliers, their customers, and fourth-party vendors

Some 40,000 companies have submitted information to the library, but more information is needed. “The Trust Center and Fortress are positioned to help the industry educate the vendor community on why this is needed and have them deposit their answers in the Trust Center,” Jones says. “In the meantime, we understand that utility companies need to make business decisions, so what we will be doing in the interim is provide them with data-driven reports compiled from open-source sources.”