The use of a software bill of materials (SBOM) to provide transparency into software supply chain risks and vulnerabilities for critical infrastructure is gaining momentum through efforts such as Cybersecurity Executive Order 14028 and the EEI Model Procurement Contract Language. Demand for suppliers to provide insight into their hardware supply chains and foreign adversarial risks is also producing the need for compliance with NDAA Section 889. These requests for transparency have raised many questions about how to meet the requirements and do so in a secure fashion.
Join Fortress Information Security to learn how a Cyber Bill of Materials can support supply chain risk management for asset owners and suppliers alike.
Presentation Highlights and Take-Aways:
· An overview of recent cyber-attacks and the supply chain threat landscape for ICS
· Breakdown of supply chain security regulations: Section 889 A & B, NERC-CIP regulations and Executive Order 14028
· The Importance of both Software (SBOM) and Hardware Bill of Materials (HBOM) & 4th Party Evaluations
· Identifying and mitigating supplier concerns for adoption – Cutting through the Fear, Uncertainty and Doubt
· Continuous Monitoring, Attestation sharing and use of Blockchain as a force multiplier to secure the industry
· BOM supplier and purchaser coordination for success