In a previous blog post, we discussed how to calculate your SPRS (Supplier Performance Risk System) score in support of your CMMC (Cybersecurity Maturity Model Certification) efforts. In that same blog, we also provided a free tool to help you calculate your SPRS score automatically.
In this follow-on blog, we’ll talk about how to provide your SPRS score to the DoD, which is a whole other chore once you’ve actually determined what your score is. In order to access the part of the SPRS website where your score is uploaded, we first need a CAC (Common Access Card) or a DoD approved medium assurance ECA (External Certification Authority) certificate. The primary purpose of this certificate is to ensure that the individual person entering the score is who they actually claim to be (non-repudiation), in addition to ensuring the confidentiality of the data.
Over the weekend, the Colonial Pipeline, one of the largest US pipelines and a major supplier for the East Coast, was hit by a cyber attack. A ransomware attack caused the company to shutdown operations as they work through the necessary steps to respond and recover, however the impact is expected to be significant if fuel terminals experience outages as a result in disruption to their supply. The Colonial Pipeline supplies diesel, gasoline, and jet fuel. The US government has issued an emergency waiver to allow an exemption for drivers related to hours of service, as well as exemptions related to fuel transportation via tanker ships. To compound the supply issues further, the US is experiencing a shortage of fuel truck drivers, areas of the US are opening up further from COVID restrictions which is expected to increase travel, and we are approaching the summer travel season which notoriously increases fuel demands.