Critical infrastructure is an attractive target for malicious actors. Successful attacks to critical infrastructure have severe impact and may result in collateral damages. An emerging attack vector used against critical infrastructure is software supply chain. Recent incidences that took advantage of the complexity of software supply chain resulted in severe damages that affected the lives of millions of people. With DISCGRID, ExcID and Guardtime will provide security and auditability mechanisms for protecting software supply chains. DISCGRID will initially focus on the firmware update process of smart grid operations technology with the ambition to expand to other segments. Using ExcID’s technology DISCGRID will demonstrate a secure, long-lasting, authentication mechanism for firmware providers, and a tamper-proof mechanism that will allow authorized entities to create “claims” about the provided firmware. Similarly, with Guardtime’s MIDA components DISCGRID demonstrates a secure, immutable, append-only log of signed claims that can be used as an accountability mechanism, and efficient methods for verifying and validating the integrity, authenticity, and provenance of the firmware to be installed.