Public Trust Infrastructure (PTI) solutions
The Cyber Trust People leading the transition beyond PKI to PTI, Public Trust Infrastructure
About Us
Our Experience
It's official, Reliable Energy Analytics LLC ™ (REA ™) is now d/b/a Business Cyber Guardian™ (BCG) an American software engineering company located in Westfield, Massachusetts that is backed by American investors, using American labor to create Software Assurance Guardian ™ (SAG ™) products, SAG-PM™ and SAG-CTR™ to protect consumers from cyber-risks in the "digital world of things" DWOT ™ by identifying and verifying "Secure By Design" products following CISA and NIST guidance to prevent disasters, like the Crowdstrike incident that disabled 8.5 million Windows machines. BCG is committed to CISA's "Secure by Design" initiatives and secure software development practices.
Remember, never travel the information Super Highway without the Business Cyber Guardian™, Software Assurance Guardian Point Man™ (SAG-PM™) by your side helping to detect risk and look both ways before installing a software product or patch in a production environment, to prevent disaster.
We engineer software supply chain cyber-risk detection solutions to help Companies proactively detect and mitigate CISA Known Exploited Vulnerabilities (KEV) and other software supply chain risks, to prevent cyber-breaches and comply with US Government Regulations for secure software attestation required by GSA the State Department, SEC Cybersecurity Regulations and other agencies subject to OMB M-22-18 requirements and the collection of secure software attestation forms used in government risk assessments. I'm frequently asked, "What does Business Cyber Guardian do?" Here is my concise answer.
Over 40 years of software engineering accomplishments including 14 years designing and developing ISO New England's Business Intelligence and Advanced Analytics and Risk Management platforms and Technical Architecture provides us with a "front line ground truth" understanding of effective analytic functions performed by critical infrastructure operators. Our software engineers have a deep understanding of, and experience working with, the following areas:
- Cyber risk management practices and standards for all industries
- Detect software vulnerability risk, i.e., CISA KEV's, before procuring and installing a software product
- Ongoing monitoring of CISA KEV's and generation of NIST SBOM vulnerability disclosure reports for installed software
- Preservation of tamper-proof evidence for software supply chain risk management processes stored in a SAG-CTR™ secure Evidence Locker, collected using a "digital chain of custody protocol" for litigation purposes.
- SAG-CTR™ is a trust anchor (Trust Registry) for the digital world enabling parties to ascertain and verify trust in digital things. The social welfare and benefits to the public from having the "radical transparency" that a "Trust Registry" of verified, trustworthy digital products provides is significant and compelling and a necessity for the digital world of things
- SAG-CTR™ is a conceptual implementation of an IETF SCITT "Trust Registry"; information about SCITT is available in this video from Datatrails
- NIST Cyber Supply Chain Risk Management (C-SCRM) standards and guidelines
- Software Bill of Materials (SBOM) and CISA Known Exploited Vulnerabilities (KEV)
- NIST Cybersecurity Framework (CSF) and NIST SP 800-161 guidelines for supply chain risk assessments for Cybersecurity Executive Order 14028 and SEC regulations (17 CFR 229.106)
- Top of List for SEC Cybersecurity solutions identified by Crunchbase
- Advanced, patented statistical methods used in trust scoring
Service and Product Offerings
Providing clients with implementation support for NIST C-SCRM software supply chain risk assessment solutions (SAG-PM ™ ) and the preservation of tamper-proof evidence in SAG-CTR™ Trust Registry to comply with the new SEC cybersecurity rules effective December 23, 2023. SAG-PM implements the NIST Cybersecurity Framework V1.1 using Department of Commerce NTIA Software Bill of Materials (SBOM) supported formats CycloneDX and SPDX, following a patented (US11,374,961) 7-step SCRM risk assessment process to comply with SEC Cybersecurity Disclosure Regulations (17 CFR 229.106) and OMB M-22-18 requirements. The SAG-PM ™ SCRM application provides software consumers with a transparent look into the risks in a software package, including CISA Known Exploited Vulnerabilities (KEV) that represent material cyber-risks to an organization under the new SEC regulations, proactively, prior to any attempt at installation in a Companies digital ecosystem. SAG-PM ™ is available at a price point attractive to smaller entities with limited Cyber risk management budgets and lacking cybersecurity expertise.
Our consultants have extensive experience working on requirements for the CISA Secure Software Attestation Form that was published on March 11, 2024. BCG's CTO, Dick Brooks, is a contributor to the CISA ICT_SCRM Task Force Software Assurance Buyers Guide that serves as a complement to the CISA Attestation Form helping software vendors comply with "NIST Guidance" to satisfy attestation form expectations from the US Government.
The Energy industry is preparing a set of new cybersecurity standards specifically aimed at enabling the use of cloud based service offerings. The proposed NERC CIP 100 series of cybersecurity standards aim to address cloub specific best practices are properly implemented to avoid a cyber risk disaster.
This recent article by Petar Vojinovic describes some of the challenges organizations face when moving their systems and applications to the cloud. The article contains insights from the author as well as parties that are currently using cloud services and some of the challenges they faced in making the transition.
"If there is one consistent theme throughout their insights, it’s this: cloud security does not fail because the cloud is inherently insecure – it fails when ownership is unclear, visibility erodes, and disciplined fundamentals are replaced by assumptions."
Why Us?
BCG is a small, highly skilled and proficient software engineering organization that has grown organically since December 2018 under the leadership of Dick and Joanne Brooks, Co-Founders. We pride ourselves on developing high quality, reliable software solutions for the software supply chain risk management domain. Our flagship product SAG-PM ™ is the most mature, comprehensive, and complete patented software supply chain risk assessment product on the market implementing a "good faith process" following the NIST Cybersecurity Framework (CSF) and C-SCRM standards, backed by highly proficient, professional and dedicated software engineering and staff.
BCG is different from other cybersecurity vendors that must answer to their venture capital investors and follow the whims of market movements. From day one VC backed cybersecurity firms are "running for the exit" and that is their goal. It's common to find VC backed firms being "pumped up" to raise valuations before exiting. " Approximately 75% of venture-backed startups fail "
BCG is an American "owner backed company" that only answers to one group of people, our customers. We are not running for the "exit". BCG is in business to succeed by growing the company. We make money the old fashioned way, we earn it!
We succeed by focusing on delivering real, effective solutions. We listen to what our customers want and that's what we deliver; solutions that work for the customer, that is our top priority. Yes, we are small, compared to other cybersecurity solution providers, but we will compare our commitment to customers, product quality and technical skills with anyone. We remain committed to helping customers steer clear of the CISA KEV cyber-icebergs in their path and improve their cyber risk management capabilities to defend against hacker cyber-attacks and comply with SEC cybersecurity regulations (17 CFR 229.106) and other software supply chain regulations, such as the CISA Secure Software Self Attestation Form. We continue to be active participants in cybersecurity policy discussions and initiatives at CISA, NIST, the U.S Department of Energy (DOE) the North American Energy Standards Board (NAESB) and the IETF Supply Chain Integrity, Transparency and Trust (SCITT) work group to ensure that our SAG-PM™ and SAG-CTR™ solution remains fresh and ready to comply with regulations and cybersecurity best practices defined by the US Government.
Looking forward to seeing friends and colleagues at BSidesCT on September 30 hosted by Quinnipiac University; I'm doing a technical, implementation talk on the U.S. Securities and Exchange Commission Cybersecurity Regulations that take effect in December 2023, with a focus on cyber-risk detection in the software supply chain, such as Cybersecurity and Infrastructure Security Agency Known Exploited Vulnerabilities, as part of the cybersecurity process disclosure requirements (17 CFR 229.106) and the new, four-day cyber-incident reporting requirement in Form 8-K. An enhanced version of my BSides CT slide deck is available online.
A copy of my NASA, FDA and FCC presentations are available online.