Thursday, September 23, 2021
Thanks first to the SolarWinds attack and then Executive Order 14028 - Improving the Nation’s Cybersecurity, the security of the software supply chain has become the hot topic of the year. The Colonial Pipeline ransomware attack made critical infrastructure security front-page news. This talk will look at the intersection of these two challenges - why securing the supply chain for critical OT environments is now an urgent priority for asset owners, suppliers and government agencies. In this session you will learn:
- Why supply chain and ransomware attacks are dramatically increasing
- The new obligations set out in EO14028 that industry will need to follow
- How EO14028 requirements will ripple far beyond government contracts
- How Software Bills of Materials (SBOMs) will help secure software supply chains
- What asset owners should be demanding from their OEM Vendors to secure OT systems
- Why AI will be crucial for locating and prioritizing product vulnerabilities
How do SBOMs currently work (examples)? What are they? Who is currently utilizing them?
How can asset owners use SBOMs?
Additional dialogue if time allows:
Are they secure? Is the code being updated upstream?
Who is going to maintain SBOMs?
Who at the facility (asset owner/end user) is responsible for maintaining and monitoring the SBOM?