Event Details

ONG-ISAC ONG-ISAC & Fortress Webinar

View Calendar
October 3, 2023 2:00 pm - 3:00 pm

ONG-ISAC & Fortress Webinar

Title: Asset To Vendor Security for Energy Critical Infrastructure

CPE Credit: 1 hour

This presentation by Fortress Information Security will define, explore, and answer common questions on the ways Software and Hardware Bills of Materials can be used to analyze supply chain security and product vulnerabilities of energy technologies. Research into approximately 400 products commonly used by energy operators and other critical infrastructure companies found approximately 3,000 open-source components. 90% of these software packages contained code contributions from Russian and Chinese programmers, which were on average 2.25 times more likely to contain vulnerabilities than those authored by Western contributors.

Fortress has found that bills of material-based vulnerability analysis are 10 to 20 times more effective than traditional scanning. Fortress’ presentation will include a closer look at how Federal Regulation will compel a multitude of organizations to disclose SBOMs and other third-party risks as part of their standard Vulnerability Management procedures. In doing so, Fortress will explain how the logical inclusion of Hardware Bills of Materials (HBOMs) must become an inevitable part of this permanent shift in standard vulnerability and patch management best practices.

Session Goals:
The audience will learn why Software and Hardware Bills of Materials are essential tools in analyzing the risk of their suppliers and product vulnerabilities within critical infrastructure.


Tobias Whitney, Vice President of Energy Security Solutions at Fortress


Tobias Whitney's distinguished career as an acknowledged leader in control systems security solutions, with more than 25 years of critical infrastructure security experience, makes him a widely respected expert in the design and implementation of best-of-breed security solutions and the management of technology risk.

His broad background in sales, management, and technology spans cloud security, operational technology (OT) security, NERC CIP Compliance, and distributed energy resources. Tobias’ uniquely blended skill set enables him to analyze systems, processes, and organizations and deliver value-added solutions to technical subject matter experts and senior leadership.

Tobias’ uncommonly broad grasp of issues related to protecting critical infrastructure renders him an exceptional source of insights into the practical application of leading-edge supply chain risk management measures in an array of areas including but not limited to:

  • Vendor risk assessments
  • Product and technology security assessments
  • Software and Hardware Bill of Materials, as well as
  • Central repository/information sharing.

In his current role as Vice President of Energy Security Solutions at Fortress, Tobias leads sales and marketing. Fortress provides an integrated managed security service and platform that creates efficiencies and fortifies the supply chain security management process. His specific mandate is to identify and deliver solutions to Fortress’ electric power customers, comprising registered entities, users, vendors, and operators on the grid.