Control Systems Cybersecurity USA (8th annual live) Control Systems Cybersecurity USA (8th annual live)

Thursday, September 23, 2021

- EDT
Securing the ICS Software Supply Chain (Virtual)
Eric Byres (Virtual pres)
Eric Byres (Virtual pres)
aDolus Technology Inc, CEO

Thanks first to the Solarwinds attack and then Executive Order 14028 -  Improving the Nation’s Cybersecurity, the security of the software supply chain has become the hot topic of the year. The Colonial Pipeline ransomware attack made critical infrastructure security front page news. This talk will look at the intersection of these two challenges - why securing the supply chain for critical OT environments is now an urgent priority for asset owners, suppliers and government agencies. In this session you will learn:

  • Why supply chain and ransomware attacks are dramatically increasing 
  • The new obligations set out in EO14028 that industry will need to follow
  • How EO14028 requirements will ripple far beyond government contracts
  • How Software Bill of Materials (SBOMs) will help secure software supply chains
  • What asset owners should be demanding from their OEM Vendors to secure OT systems
  • Why AI will be crucial for locating and prioritizing product vulnerabilities



- EDT
Panel: How do SBOM's work and How do Asset Owners Deploy One? (Physical and Virtual)
Eric Byres (Virtual pres)
Eric Byres (Virtual pres)
aDolus Technology Inc, CEO
Tony Turner
Tony Turner
Fortress Information Security, VP Security Solutions
Chris Blask
Chris Blask
Advisor and SME, Chair ICS ISAC
Steve Springett (Virtual pres)
Steve Springett (Virtual pres)
OWASP CycloneDX Core Working Group, Chair of the OWASP CycloneDX Core Working Group

How do SBOMS currently work (examples)- What are they? Who is currently utilizing them?
How can asset owners use SBOM?

Additional dialogue if time allows:
Are they secure? Is the code being updated upstream?
Who is going to maintain SBOMs?
Who at the facility (asset owner/end user) is responsible for maintaining and monitoring the SBOM?