critical-infrastructure
Safeguard articles tagged "critical-infrastructure" — guides, analysis, and best practices for software supply chain and application security.
31 articles
GPT-5.5-Cyber and Trusted Access: The Dual-Use Governance Questions Defenders Should Be Asking
OpenAI's Daybreak ships a permissive, offensive-capable model behind a tiered Trusted Access program and a wave of government partnerships. Here's what model-risk, procurement, and security-policy teams should demand before they rely on it.
CISA's CI Fortify (May 2026): Planning Critical Infrastructure for Cyber Isolation and Recovery
On May 5, 2026, CISA launched CI Fortify, pushing critical infrastructure operators to plan for cyberattacks that sever their connections to the internet and telecom during a geopolitical crisis. We unpack the isolation and recovery objectives and what they demand of software supply chains.
Iran-Linked Actors Are Disrupting U.S. Water and Energy PLCs: Inside CISA/FBI Advisory AA26-097A (2026)
A joint FBI, CISA, NSA, EPA, DOE and Cyber Command advisory (AA26-097A, April 2026) warns that Iranian-affiliated actors are now causing operational disruption to internet-exposed PLCs across U.S. water, energy, and government facilities. Through May 2026 it is the defining OT threat. We unpack the campaign and the defense.
TSA Surface Transportation Cyber NPRM: From Directives to Rule
TSA's November 2024 Enhancing Surface Cyber Risk Management NPRM would formalize what pipeline and rail SDs already require. Operators should prepare now.
NIS2 Directive Supply Chain Obligations in 2026
NIS2 has been in force across the EU since October 2024, and member state enforcement is now operating in earnest. The supply chain obligations are the ones most organizations underestimated.
CIRCIA Final Rule: Reporting Thresholds and Covered Entities
CISA pushed the CIRCIA final rule to May 2026. We unpack the dual-track threshold structure, the 72-hour and 24-hour timers, and what the 300,000-entity scope means.
The Software Transparency Act of 2026: What It Means for the Industry
Proposed legislation would require SBOMs for all critical infrastructure software. Here's a detailed analysis of the bill and its implications.
Software supply chain security for telecom network infras...
Why telecom network software supply chain security demands continuous SBOMs and vendor risk oversight — from 5G base stations to core networks — and how carriers are closing the gap.
NERC CIP-013 compliance and software supply chain risk ma...
NERC CIP-013 turned vendor risk management into a mandatory grid compliance obligation. Here's what it requires, who it covers, and how to build an audit-ready supply chain plan.
SBOM requirements for industrial control systems (ICS/SCADA)
ICS/SCADA SBOM requirements are colliding with 20-year-old control systems that predate software transparency mandates. Here's what's required, why, and how to close the gap.
Securing smart grid and advanced metering infrastructure ...
How AMI firmware, smart meters, and grid modernization projects create software supply chain risk for utilities — and what closing that gap actually requires.
Third-party risk management for OT/ICS vendors in utilities
A step-by-step guide to OT ICS vendor risk management for utilities: assessing, auditing, and monitoring SCADA and industrial control system vendors.