Teams with Fortress Information Security, American Electric Power, and Avangrid to Populate Software Bill of Materials (SBOM) Repository
Natural gas and electric company NiSource (NYSE: NI) today became the latest investor-owned utility to join the North American Energy Supply Assurance Database (NAESAD). Through NAESAD, NiSource, American Electric Power (AEP), Avangrid, and Fortress Information Security securely share the latest essential information on software products managing mission-critical applications for the U.S. energy industry.
NAESAD will provide the energy industry with a comprehensive Software Bill of Materials (SBOM) repository for every vendor. Over the past several years, SolarWinds and Log4J vulnerabilities have highlighted the need to have a fundamental accounting for every software component used within the energy industry. In close collaboration with forward-looking software providers, NAESAD enables critical infrastructure companies to identify, triage, and remediate the most impactful and destructive risks.
“SBOMs are an important tool in our work to secure our most critical assets,” said Carla Donev, NiSource Vice President of Infrastructure and Chief Information Security Officer. “The utilities industry has a history of teaming up to secure the U.S. power grid. What’s good for the electric companies can also work for those of us in natural gas as well. NAESAD provides the apparatus for us to work with vendors and suppliers we know and trust. NAESAD will help us make sure we can share SBOMs safely to create a more resilient cybersecurity infrastructure.”
SBOMs provide the recipe of proprietary and open-source ingredients in software that run critical infrastructure technologies. SBOMs provide actionable information to purchasers so they can make informed decisions about software and help improve the security of applications.
“NiSource is one of several companies that has stepped up, making it known they want to secure their customers, the industry, and the nation,” said Fortress CEO Alex Santos. “By joining NAESAD, NiSource is making it possible for all Americans to feel more certain that the energy sources they rely on are protected.”
NiSource joins NAESAD less than one month after the White House unveiled its 2023 National Cybersecurity Strategy earlier this month. The Strategy calls for “promoting the further development of SBOMs as part of a process to mitigate the risk coming from unsupported software. Besides the Cybersecurity Strategy and the Executive Order, the Cybersecurity and Infrastructure Security Agency (CISA), The National Institute of Standards & Technology (NIST), and The Office of Management and Budget (OMB) have laid the groundwork for new SBOM requirements for companies that work with the U.S. Department of Energy, U.S. Department of Homeland Security, and other organizations responsible for U.S. critical infrastructure. Additional SBOM requirements for utilities and other critical industries are expected over the next year.
NiSource has approximately 3.2 million natural gas customers in six states (Indiana, Kentucky, Maryland, Ohio, Pennsylvania, and Virginia) as well as more than 500,000 electric customers in Indiana, under the Columbia Gas and NIPSCO brands.
More details about how to join NAESAD and share SBOMs with utility partners can be found at NAESAD.com.
NiSource Inc. (NYSE: NI) is one of the largest fully-regulated utility companies in the United States, serving approximately 3.5 million natural gas customers and 500,000 electric customers across seven states through its local Columbia Gas and NIPSCO brands. Based in Merrillville, Indiana, NiSource’s approximately 8,400 employees are focused on safely delivering reliable and affordable energy to our customers and communities we serve. Additional information about NiSource, its investments in modern infrastructure and systems, its commitments and its local brands are on its website.
About Fortress Information Security
Fortress secures North America's power and defense supply chains from cyberattacks on operational and critical enterprise technologies. Fortress' proprietary technology platform orchestrates North America's most advanced cyber supply chain risk management and vulnerability management programs. Fortress operates the Asset to Vendor network, which gives critical operators confidence that the products and services they obtain from others are cyber-safe. Fortress is a Goldman Sachs Portfolio Company.