Vendor Risk Management for Critical Infrastructures

Critical infrastructures relying on ICS and SCADA architectures to run their vital operations must be diligent about vendor risk and vendor risk management.

Third-party vendors are regularly involved in the production or installation of ICS and SCADA systems for major infrastructure operations, making a vendor risk assessment a must prior to hiring or utilizing any third-party vendor.

What to Capture in a Vendor Risk Assessment

Vendor risk can include a poorly set-up password for your organization’s industrial control system or SCADA architecture, which can allow the associated databases to be easily compromised by attackers, or the vendor’s own ineffective security protections, which also leave the vendor vulnerable to attack.

All critical infrastructures relying on industrial control systems and SCADA architectures should properly vet their vendors before leveraging any type of third-party service or technology.