Supply chain risk in critical infrastructure goes far deeper than vendor questionnaires. From hidden firmware dependencies to geopolitical exposure and cascading operational impacts across sites, understanding and managing third-party risk requires continuous monitoring, relationship investment and scenario-based thinking.

In this insightful discussion, Danielle Caruso, Reynaldo Gonzalez, Ryan Subers, Roger Caslow and Justin Powell discuss:

• How leading organizations are moving from static vendor assessments to continuous monitoring, darkweb surveillance, software bill of materials and incident response drills with critical suppliers;
• Why understanding hidden interdependencies - across firmware libraries, OEM ecosystems, and tier-three and tier-four suppliers - is essential to assessing the true blast radius of a supply chain compromise;
• How procurement practices, legal contracts, penetration test evidence requirements and geopolitical awareness are becoming integral to OT supply chain security strategy.