American Electric Power and Avangrid Networks has partnered with Fortress Information Security, a supply chain cyber provide for critical infrastructure, to launch the North America Energy Software Assurance Database (NAESAD). The goal of NAESAD is to help suppliers identify and remediate vulnerabilities in software that is used for mission-critical applications in the energy industry. The database will provide the industry with a comprehensive Software Bill of Materials (SBOM) repository for every vendor, which will secure the aggregation of SBOMs for every utility industry vendor. The repository will allow utilities to identify, triage, and remediate the most significant risks to the U.S. energy industry.
“The challenges for utilities and their supply chain partners are significant, but there is a clear path to mitigating critical risks,” said Alex Santos, CEO of Fortress. “Industry players must collaborate – from the smallest supplier to the largest utility. The SBOM for every critical product needs to be carefully analyzed to reveal, prioritize, and eliminate the vulnerabilities that pose the greatest threat to the U.S. energy industry.”
The launch of NAESAD comes as regulators, policymakers, and utilities focus more on SBOMs, with new SBOM requirements expected for utilities and other critical industries over the next year.