Control Systems Cybersecurity USA (8th annual live)

Panel: How do SBOMs work and How do Asset Owners Deploy One? (Physical and Virtual)

Stream and Physical Kenzies

Eric Byres (Virtual pres)
aDolus Technology Inc, CEO

Eric Byres is widely recognized as one of the world’s leading experts in the field of industrial control system (ICS) and Industrial Internet of Things (IIoT) cybersecurity. He is the inventor of the Tofino Security technology – the most widely deployed ICS-specific firewall in the world – licensed by industry giants Honeywell, Schneider Electric, and Caterpillar. Eric's many accomplishments include founding the BCIT Critical Infrastructure Security Centre, providing guidance to government security agencies and major energy companies on critical infrastructure protection, chairing the ISA SP-99 Security Technologies Working Group, representing Canada for the IEC TC65/WG10 standards effort, and testifying to the US Congress on the Security of Industrial Control Systems in National Critical Infrastructures. He has received numerous awards from international organizations and was made an ISA Fellow in 2009. In 2013 he received ISA’s highest honor: Excellence in Leadership. Today Eric leads aDolus Technology Inc.

Tony Turner
Fortress Information Security, VP Security Solutions

Tony leads the VSOC managed services team at Fortress, helping customers with asset and vulnerability management and threat advisory services, and designs many of the technical security solutions at Fortress. He has helped hundreds of companies with strategic and tactical approaches to solving their information security challenges. Tony most recently worked at a network security and vulnerability management vendor, where he led a transformational effort for the Professional Services organization and supported pre-sales activities for all of the Americas. He has a wealth of experience in helping customers solve challenges around vulnerability management and prioritization, network assurance, and other security and compliance objectives.

Chris Blask
Advisor and SME, Chair ICS ISAC

Strategic Advisor, Cybersecurity SME, Operational Technology Architect, Empresas Públicas de Medellín - EPM

Steve Springett (Virtual pres)
OWASP CycloneDX Core Working Group, Chair

Steve educates teams on the strategy and specifics of developing secure software. He practices security at every stage of the development lifecycle by leading sessions on threat modeling, secure architecture and design, static/dynamic/component analysis, offensive research, and defensive programming techniques.

Steve's passionate about helping organizations identify and reduce risk from the use of third-party and open source components. He is an open source advocate, leads the OWASP Dependency-Track project and the OWASP Software Component Verification Standard (SCVS), and is the Chair of the OWASP CycloneDX Core Working Group.

How do SBOMs currently work (examples)? What are they? Who is currently utilizing them?
How can asset owners use SBOM?

Additional dialogue if time allows:
Are they secure? Is the code being updated upstream?
Who is going to maintain SBOMs?
Who at the facility (asset owner/end user) is responsible for maintaining and monitoring the SBOM?