Suppliers Participating in the A2V Library Now Have a Powerful New Information-Sharing Tool

Orlando, FL

Fortress Information Security has unveiled a new way for suppliers to connect with their customers and provide pivotal information about their supply chain security practices. The new Asset to Vendor (A2V) Library Trust Center is a supplier-centered marketplace offering an enhanced ability to share and update cybersecurity information as well as provide product marketing materials for patrons.

“Information within the A2V Library that so many of our patrons require can now be efficiently shared, monitored, and administered by suppliers to enable their mutual success,” said Betsy Soehren Jones, COO at Fortress. “The Library is designed to make product information accessible, communications to customers quicker and faster, and regulatory compliance easier while eliminating redundancies.”

The A2V Library enables vendors and Original Equipment Manufacturers (OEMs) to control the information provided to their customers such as security attestations, completed North American Transmission Forum (NATF) questionnaires, and third-party certifications. When suppliers upload information to the Trust Center, they can select to share the information with all A2V members or to only grant access upon request from members on a case-by-case basis. It solves the challenge many suppliers experience of receiving and exchanging security controls questionnaires from multiple prospects or clients, all of which are phrased slightly differently but are essentially the same.

The supplier Trust Center provides users with other important capabilities, including:

  • Compliance management and audit preparation questionnaires and surveys pattern to meet existing and emerging regulatory standards.
  • Data-driven risk ranking that employs AI and open-source intelligence to determine the criticality and cyber maturity of supplier assets.
  • Supplier validated product assessments that provide visibility on vulnerabilities, patch history, and security controls.
  • Insights into the geopolitical relationships of suppliers, their products, and their 4th party suppliers.
  • Patented blockchain technology for securely sharing software and hardware (bill of materials) analyses designed to uncover open-source vulnerabilities, product components, and geopolitical affiliations.
  • Continuous monitoring of all active suppliers, their customers, and 4th party vendors.

This expansion of the A2V Library comes as the Department of Energy (DOE) is responding to President Biden’s Executive Order 14017 with a special program called the Energy Sector Industrial Base (ESIB). Specifically, the ESIB calls for the DOE to work with industry and “(a)ssess the installed base of digital components in critical energy systems to determine prevalence and prioritize cyber supply chain risks and mitigation actions.” The ESIB program recognizes the importance of the energy sector supply chain to national security in the United States. Fortress is committed to helping make the DOE’s newest program a success.

Rapid information sharing between suppliers and customers is of utmost importance as the nation embarks on a united effort to shore up our cybersecurity from foreign adversaries. Within the last two months, Russia has used cyberattacks to gain control of Ukraine through disruption of their critical services; unfortunately, this is only a small fraction of what they can accomplish using cyberwarfare. The A2V Library allows suppliers to share updates quickly and securely regarding their compliance and security tactics as Russian affairs continue to unfold, keeping their customers abreast of continuously evolving security measures.

Supply chain attacks are becoming increasingly frequent. As we assess the current geopolitical conflict, it has become apparent that cyberweapons are now accepted elements of modern warfare. Fortress believes that now is the time to prioritize increased industry-wide communication; secure information sharing is the roadmap to increased cybersecurity awareness.

About A2V

Fortress Information Security, American Electric Power, and Southern Company launched the Asset to Vendor Network (A2V) to establish a collaborative network of critical infrastructure stakeholders that share supply chain cybersecurity and compliance assessment, risk, and intelligence data to secure critical infrastructure and supply chains that deliver bulk electric power, IT, OT and other mission-critical systems and services.

More than 40,000 companies have submitted information now housed in the A2V Library. Fortress has collaborated with nine of the ten largest investor-owned power companies, including A2V founding partners American Electric Power and Southern Company, to secure products utilized by more than 40% of the U.S. power grid. Fortress actively monitors more than one million external assets and manages more than $25 billion in emerging risks. Fortress has worked with more than 2,000 vendors to complete the North American Transmission Forum (NATF) cybersecurity assessment. These assessments consist of 250 questions and were developed and approved by the utility industry.

For media looking for additional information, contact Adam Benson at adam@vrge.us or 202.999.9104 or Betsy Soehren-Jones at bjones@fortressinfosec.com.