Safeguard
Tag

critical-infrastructure

Safeguard articles tagged "critical-infrastructure" — guides, analysis, and best practices for software supply chain and application security.

31 articles

AI Security

GPT-5.5-Cyber and Trusted Access: The Dual-Use Governance Questions Defenders Should Be Asking

OpenAI's Daybreak ships a permissive, offensive-capable model behind a tiered Trusted Access program and a wave of government partnerships. Here's what model-risk, procurement, and security-policy teams should demand before they rely on it.

Jun 23, 20266 min read
Regulatory Compliance

CISA's CI Fortify (May 2026): Planning Critical Infrastructure for Cyber Isolation and Recovery

On May 5, 2026, CISA launched CI Fortify, pushing critical infrastructure operators to plan for cyberattacks that sever their connections to the internet and telecom during a geopolitical crisis. We unpack the isolation and recovery objectives and what they demand of software supply chains.

May 7, 202611 min read
Infrastructure Security

Iran-Linked Actors Are Disrupting U.S. Water and Energy PLCs: Inside CISA/FBI Advisory AA26-097A (2026)

A joint FBI, CISA, NSA, EPA, DOE and Cyber Command advisory (AA26-097A, April 2026) warns that Iranian-affiliated actors are now causing operational disruption to internet-exposed PLCs across U.S. water, energy, and government facilities. Through May 2026 it is the defining OT threat. We unpack the campaign and the defense.

May 6, 202612 min read
Compliance

TSA Surface Transportation Cyber NPRM: From Directives to Rule

TSA's November 2024 Enhancing Surface Cyber Risk Management NPRM would formalize what pipeline and rail SDs already require. Operators should prepare now.

Apr 15, 20266 min read
Regulatory Compliance

NIS2 Directive Supply Chain Obligations in 2026

NIS2 has been in force across the EU since October 2024, and member state enforcement is now operating in earnest. The supply chain obligations are the ones most organizations underestimated.

Apr 8, 20265 min read
Compliance

CIRCIA Final Rule: Reporting Thresholds and Covered Entities

CISA pushed the CIRCIA final rule to May 2026. We unpack the dual-track threshold structure, the 72-hour and 24-hour timers, and what the 300,000-entity scope means.

Mar 11, 20266 min read
Compliance

The Software Transparency Act of 2026: What It Means for the Industry

Proposed legislation would require SBOMs for all critical infrastructure software. Here's a detailed analysis of the bill and its implications.

Feb 1, 20266 min read
Software Supply Chain Security

Software supply chain security for telecom network infras...

Why telecom network software supply chain security demands continuous SBOMs and vendor risk oversight — from 5G base stations to core networks — and how carriers are closing the gap.

Dec 26, 20257 min read
Regulatory Compliance

NERC CIP-013 compliance and software supply chain risk ma...

NERC CIP-013 turned vendor risk management into a mandatory grid compliance obligation. Here's what it requires, who it covers, and how to build an audit-ready supply chain plan.

Dec 22, 20258 min read
SBOM

SBOM requirements for industrial control systems (ICS/SCADA)

ICS/SCADA SBOM requirements are colliding with 20-year-old control systems that predate software transparency mandates. Here's what's required, why, and how to close the gap.

Dec 22, 20257 min read
Software Supply Chain Security

Securing smart grid and advanced metering infrastructure ...

How AMI firmware, smart meters, and grid modernization projects create software supply chain risk for utilities — and what closing that gap actually requires.

Dec 21, 20257 min read
Industry Analysis

Third-party risk management for OT/ICS vendors in utilities

A step-by-step guide to OT ICS vendor risk management for utilities: assessing, auditing, and monitoring SCADA and industrial control system vendors.

Dec 21, 20259 min read
critical-infrastructure — Safeguard Blog