About Session
Do we understand what to ask for? and how do we manage the supply chain in the modern age of NIS2 and CRA? We are increasingly reliant on devices, systems and production facilities provided by third parties. Given the lifespan of the OT environment, many of today’s production facilities were purchased at a time when supply chain security was not a major focus. Therefore, service contracts do not take into account the new requirements set by regulators, insurance companies and more importantly, customers. So how will management meet market demands for security when the service setup does not support it? How does the energy sector as a whole deal with suppliers and manufacturers that do not fulfil the market demand for safety and safety compliance reporting? How can we convince vendors to continue to support old components with new cybersecurity features or perhaps even provide a 1:1 upgrade direction? What is a good approach to obsolescence management over 25 years (and can we learn from other industries)
Morten Holm Gregersen will have a dual focus in his discussion on operational and management level compliance with NIS2 and CRA security regulations in an environment where large industry vendors do not support the regulatory requirements.
This presentation will be in Danish.